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(57) An information processing apparatus (1010, 
3001 ), an entry information management method and a 
certification function control method are disclosed for re- 
alizing compatibility between improvement and conven- 
ience of security functions. The information processing 
apparatus includes a restriction part restricting an oper- 
ation available to a user based on a status of the user 



and a setting part setting the status. The information 
processing apparatus can manage one or more entry 
information elements (1 001) and impose a restriction on 
user's manipulation on an entry information element. In 
addition, the information processing apparatus can al- 
low a userto cancel use restriction on a program (3041 , 
3042, 3043, 3044, 3045) and the user to use the pro- 
gram. 
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Description 



[0001] The present invention generally relates to an 
information processing apparatus, an entry information 
management method and a certification function control 
method. More particularly, the present invention relates 
to an information processing apparatus and an entry in- 
formation management method in which manipulations 
of a user on entry information can be restricted, and an 
information processing apparatus and a certification 
function control method in which one or more certifica- 
tion functions can be provided to one or more programs. 
[0002] In recent years, an image processing appara- 
tus, which is an embodiment of an information process- 
ing' apparatus, accommodating individual device func- 
tions : such as a printer, a copier, a facsimile and a scan- 
ner, in a single housing (hereinafter called a multifunc- 
tional product) has been recognized. This multifunction- 
al product includes a display part, a print part and an 
image formation part in a single housing together with 
four software items corresponding to the printer, the 
copier, the facsimile and the scanner. By switching the 
software items, the multifunctional product can work as 
any of the printer, the copier, the facsimile and the scan- 
ner. Japanese Laid-Open Patent Application No. 
2002-084383 discloses an embodiment of the above- 
mentioned multifunctional product. 
[0003] In such a multifunctional product, user informa- 
tion on users allowed to use the multifunctional product 
is managed as entry information. The entry information 
may include, for example, names, e-mail address, FAX 
numbers, passwords, user names, use restriction infor- 
mation and charge data. 

[0004] The entry information managed in a multifunc- 
tional product is set to allow all users to view all infor- 
mation items of the entry information other than some 
information items such as passwords. On the other 
hand, the entry information managed in a multifunctional 
product is normally set to allow only a user administrator 
to edit information items of the entry information. Alter- 
natively, the entry information managed in a multifunc- 
tional product may be set to allow all users to edit infor- 
mation items of the entry information. Japanese Laid- 
Open Patent Application No. 2000-015898 discloses an 
embodiment of a user information management meth- 
od. 

[0005] In conventional multifunctional products, entry 
information on all users is managed as address books, 
and access authority to the entry information (for exam- 
ple, permission of viewing or editing the entry informa- 
tion) is set for each address book. Consequently, the 
conventional multifunctional products do not allow the 
access authority to the entry information to be set in de- 
tail. It is noted that a user administrator is allowed to set 
the access authority to the entry information. 
[0006] In recent years, multifunctional products are 
required to have advanced security functions. Thus, it 
is undesirable to allow to set access authority to entry 



information for a whole address book from the viewpoint 
of compatibility between robust security functions and 
friendly manipulation to the entry information. Also, con- 
ventional multifunctional products allow only user ad- 
5 ministrators to set access authority to the entry informa- 
tion. That can be considered to be problematic from the 
viewpoint of improving friendly manipulation of the entry 
information. 

[0007] In addition, when a conventional multifunction- 
10 al product operates as a printer, a copier, a facsimile or 
a scanner, the multifunctional product uses an authen- 
tication function to authenticate whether a user has au- 
thority to use the printer, the copier, the facsimile or the 
scanner, and uses a charge function to charge a fee. 
15 Japanese Laid-Open Patent Application No. 
2002-288737 discloses an image processing system 
that a user can use when a card is set in a card reader 
thereof. 

[0008] In such a conventional multifunctional product, 
20 it is necessary to set the authentication function and the 
charge function for the whole multifunctional product. 
Forthis reason, the conventional multifunctional product 
has difficult compatibility between good security and 
easy manipulation of the authentication and charge 
25 functions of the multifunctional product. 

[0009] In general, a newer type or a newer version of 
multifunctional product is provided with more secure au- 
thentication and charge functions. In order to use new 
authentication and charge functions in a conventional 
30 multifunctional product, however, it is necessary to mod- 
ify programs thereof. Thus, there is a problem in that 
such new authentication and charge functions cannot 
be easily added. 

[0010] It is a general object of the present invention 
35 to provide an information processing apparatus, an en- 
try information management method and a certification 
function control method in which one or more of the 
above-mentioned problems are eliminated. 
[0011] A first more specific object of the present in- 
40 vention is to provide an information processing appara- 
tus and an entry information management method that 
achieve compatibility of improvement of security func- 
tions and convenience of entry information. 
[0012] A second more specific object of the present 
45 invention is to provide an information processing appa- 
ratus and a certification function control method that can 
realize secure and convenient certification functions 
and add a new certification function easily. 
[0013] In order to achieve the above-mentioned ob- 
50 jects, there is provided according to one aspect of the 
present invention an information processing apparatus, 
including: a restriction part restricting an operation avail- 
able to a user on the information processing apparatus 
based on a status of the user; and a setting part setting 
55 the status of the user. 

[0014] In an embodiment of the invention, the infor- 
mation processing apparatus may manage one or more 
entry information elements and impose a restriction on 
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user's manipulation on an entry information element; the 
setting part may includes a first registration function reg- 
istering manipulation authority to allow a manipulation 
on an entry information element and setting authority to 
allow setting of the manipulation authority in association 
with the entry information element and one or more us- 
ers, and the restriction part may include a first restriction 
function restricting a manipulation of the users on the 
entry information element in accordance with the ma- 
nipulation authority. 

[0015] In an embodiment of the invention, the infor- 
mation processing apparatus may allow a userto cancel 
use restriction on a program and the userto use the pro- 
gram, the setting part may include a setting function as- 
sociating one or more programs having use restriction 
with one or more certification unit to cancel the use re- 
striction of the programs, and the restriction part may 
include a use function, when a user cancels use restric- 
tion of a program by using a certification unit associated 
with the program, allowing the userto use the program. 
[0016] Additionally, there is provided according to an- 
other aspect of the invention a method of managing en- 
try information for an information processing apparatus 
that manages one or more entry information elements 
and restricts a manipulation of one or more users on the 
entry information elements, the method including steps 
of: registering manipulation authority to allow a manip- 
ulation on an entry information element and setting au- 
thority to allow setting of the manipulation authority in 
association with the entry information element and one 
or more users; and restricting a manipulation of the us- 
ers on the entry information element in accordance with 
the manipulation authority. 

[0017] Additionally, there is provided according to an- 
other aspect of the invention a method of controlling a 
certification function for an information processing ap- 
paratus that allows a userto cancel use restriction on a 
program and the user to use the program, the method 
including steps of: associating one or more programs 
having use restriction with one or more certification unit 
to cancel the use restriction of the programs; and allow- 
ing, when a user cancels use restriction of a program by 
using a certification unit associated with the program, 
the userto use the program. 

[0018] According to one aspect of the invention, since 
permission or denial of user's manipulations on an entry 
information element can be set in detail, it is possible to 
realize compatibility between improvement of security 
functions and convenience of the entry information ele- 
ment. 

[0019] According to another aspect of the invention, 
it is possible to realize compatibility between security 
and convenience of certification functions and add a 
new certification function easily. 

[0020] Other objects, features and advantages of the 
present invention will become more apparent from the 
following detailed description when read in conjunction 
with the accompanying drawings. 
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FIG. 1 shows a first exemplary data structure of an 
entry information element of a multifunctional prod- 
uct according to a first embodiment of the present 
invention; 

5 FIG. 2 shows a second exemplary data structure of 

an entry information element of a multifunctional 
product according to the first embodiment; 
FIG. 3 shows a third exemplary data structure of an 
entry information element of a multifunctional prod- 

10 uct according to the first embodiment; 

FIG. 4 shows a fourth exemplary data structure of 
an entry information element of a multifunctional 
product according to the first embodiment; 
FIG. 5 shows a fifth exemplary data structure of an 

15 entry information element of a multifunctional prod- 
uct according to the first embodiment; 
FIG. 6 shows a sixth exemplary data structure of an 
entry information element of a multifunctional prod- 
uct according to the first embodiment; 

20 FIG. 7 shows an exemplary functional structure of 
a multifunctional product according to the first em- 
bodiment; 

FIG. 8 shows an exemplary hardware configuration 
of a multifunctional product according to the first 

25 embodiment; 

FIG. 9 shows exemplary screens successively dis- 
played on an operation panel of a multifunctional 
product according to the first embodiment; 
FIG. 1 0 shows exemplary subsequent screens suc- 

30 cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

FIG. 11 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
35 multifunctional product according to the first em- 
bodiment; 

FIG . 1 2 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
40 bodiment; 

FIG. 1 3 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

45 FIG. 14 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

FIG. 1 5 shows exemplary subsequent screens suc- 
50 cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

FIG. 16 is a diagram for explaining an exemplary 
procedure of creating an entry information element 
55 according to the first embodiment; 

FIG . 1 7 is another diagram for explaining the exem- 
plary procedure of creating the entry information el- 
ement according to the first embodiment; 
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FIG. 18 is another diagram for explaining the exem- 
plary procedure of creating the entry information el- 
ement according to the first embodiment; 
FIG. 1 9 is another diagram for explaining the exem- 
plary procedure of creating the entry information el- 5 
ement according to the first embodiment; 
FIG. 20 shows other exemplary screens succes- 
sively displayed on an operation panel of a multi- 
functional product according to the first embodi- 
ment; 10 
FIG. 21 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

FIG. 22 shows exemplary subsequent screens sue- 15 
cessively displayed on the operation panel of the 
multifunctional product according to the first em- 
bodiment; 

FIG. 23 is a diagram for explaining another exem- 
plary procedure of creating an entry information el- 20 
ement according to the first embodiment; 
FIG. 24 is another diagram for explaining the exem- 
plary procedure of creating the entry information el- 
ement according to the first embodiment; 
FIG. 25 shows exemplary screens for authenticat- 25 
ing a user administrator and a user successively 
displayed on an operation panel in a case where 
certification of a user administrator and a user is 
performed; 

FIG. 26 shows exemplary subsequent screens sue- 30 
cessively displayed on the operation pane! in the 
case of FIG. 25; 

FIG. 27 shows exemplary screens successively dis- 
played on an operation panel in a case where cer- 
tification of a user administrator is performed and 35 
certification of a user is not performed; 
FIG. 28 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel in the 
case of FIG. 27; 

FIG. 29 shows exemplary screens successively dis- *o 
played on an operation panel in a case where cer- 
tification of a user is performed and certification of 
a user administrator is not performed; 
FIG. 30 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel in the « 
case of FIG. 29; 

FIG. 31 A shows an exemplary entry information el- 
ement in a case where a user has viewing authority 
or editing authority; 

FIG. 31 B shows an exemplary entry information el- si 
ement in a case where a user does not have viewing 
authority or editing authority; 
FIG. 32 is a diagram for explaining a procedure of 
displaying an address book according to the first 
embodiment; 5; 
FIG. 33 is a sequence diagram of an exemplary pro- 
cedure of creating an entry information element ac- 
cording to the first embodiment; 



FIG. 34 shows a seventh exemplary data structure 
of an entry information element of a multifunctional 
product according to the first embodiment; 
FIG. 35 shows a table representing an exemplary 
policy to define manipulations corresponding to var- 
ious kinds of authority according to the first embod- 
iment; 

FIG. 36 shows a table representing an exemplary 
policy allowed to set owner authority to a user ac- 
cording to a variation of the first embodiment; 
FIG. 37 shows an eighth exemplary data structure 
of an entry information element of a multifunctional 
product according to the first embodiment; 
FIG. 38 shows an exemplary screen to set viewing 
authority, editing authority, deleting authority and 
full control authority according to the first embodi- 
ment; 

FIG. 39 shows exemplary screens successively dis- 
played on an operation panel of a multifunctional 
product according to the variation of the first em- 
bodiment; 

FIG. 40 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the variation of 
the first embodiment; 

FIG. 41 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the variation of 
the first embodiment; 

FIG. 42 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the variation of 
the first embodiment; 

FIG. 43 shows exemplary subsequent screens suc- 
cessively displayed on the operation panel of the 
multifunctional product according to the variation of 
the first embodiment; 

FIG. 44 shows an exemplary screen for registering/ 
changing certification protection information ac- 
cording to the variation of the first embodiment; 
FIG. 45 shows exemplary access rules to an entry 
information element according to the variation of the 
first embodiment; 

FIGS. 46A and 46B show exemplary manipulation 
authority on the personal data or the management 
data depending on validity of a user administrator 
according to the variation of the first embodiment; 
FIG. 47 shows an exemplary functional structure of 
a multifunctional product according to a second em- 
bodiment of the present invention; 
FIG. 48 shows an exemplary hardware configura- 
tion of a multifunctional product according to the 
second embodiment; 

FIG. 49 is a diagram for explaining an exemplary 
certification function control method according to 
the second embodiment; 

FIG. 50 shows an exemplary certification and 
charge setting table according to the second em- 
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bodiment; 

FIG. 51 shows an exemplary data structure of an 
entry information element of a multifunctional prod- 
uct according to the second embodiment; 
FIG. 52 shows an exemplary user certification man- 5 
agement screen according to the second embodi- 
ment; 

FIG. 53 show exemplary screens successively dis- 
played in an operation panel of a multifunctional 
product according to the second embodiment; 10 
FIG, 54 show exemplary subsequent screens suc- 
cessively displayed in the operation panel of the 
multifunctional product according to the second em- 
bodiment; 

FIG. 55 shows an exemplary certification screen 15 
corresponding to a case where management via us- 
er codes is set as certification means and charge 
means of a copier application according to the sec- 
ond embodiment; 

FIG. 56 shows an exemplary certification screen 20 
corresponding to a case where management via a 
coin rack is set as certification means and charge 
means of the copier application according to the 
second embodiment; 

FIG. 57 shows an exemplary certification screen 25 
corresponding to a case where management using 
a plurality of means is set as certification means and 
charge means of the copier application according 
to the second embodiment; 

FIG. 58 shows an exemplary certification screen 30 
corresponding to a case where management using 
a plurality of means is set as certification means and 
charge means of the copier application according 
to the second embodiment; 

FIG. 59 is a sequence diagram of an exemplary op- 35 
eration of a certification module and a charge mod- 
ule according to the second embodiment; 
FIG. 60 is a sequence diagram of a first exemplary 
use restriction cancel operation of a multifunctional 
product according to the second embodiment; *o 
FIG. 61 is a sequence diagram of a second exem- 
plary use restriction cancel operation of a multifunc- 
tional product according to the second embodi- 
ment; 

FIG. 62 is a sequence diagram of a third exemplary 
use restriction cancel operation of a multifunctional 
product according to the second embodiment; 
FIG. 63 is a sequence diagram of a fourth exempla- 
ry use restriction cancel operation of a multifunc- 
tional product according to the second embodi- so 
ment; 

FIG. 64 is a sequence diagram of a first exemplary 
charge operation of a multifunctional product ac- 
cording to the second embodiment; 
FIG. 65 is a sequence diagram of a second exem- 55 
plary charge operation of a multifunctional product 
according to the second embodiment; 
FIG. 66 is a sequence diagram of a third exemplary 
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charge operation of a multifunctional product ac- 
cording to the second embodiment; 
FIG. 67 is a sequence diagram of a fourth exempla- 
ry charge operation of a multifunctional product ac- 
cording to the second embodiment; 
FIG. 68 is a sequence diagram of a fifth exemplary 
charge operation of a multifunctional product ac- 
cording to the second embodiment; 
FIG. 69 is a sequence diagram of an exemplary use 
restriction cancel operation for a case where use 
restriction is not cancelled; 

FIG. 70 shows an exemplary use restriction screen 
displayed on an operation panel of a multifunctional 
product according to the second embodiment; 
FIG .71 is a sequence diagram of another exempla- 
ry use restriction cancel operation for the case 
where use restriction is not cancelled; 
FIG. 72 is a sequence diagram of another exempla- 
ry use restriction cancel operation through remote 
manipulation according to the second embodiment; 
FIG. 73 is a sequence diagram of an exemplary use 
restriction cancel operation through remote manip- 
ulation wherein measures against DoS attack are 
devised; 

FIG. 74 is a sequence diagram of another exempla- 
ry use restriction canceling operation through re- 
mote manipulation according to the second embod- 
iment; and 

FIG. 75 is a sequence diagram of an exemplary lo- 
gout operation of a multifunctional product accord- 
ing to the second embodiment. 

[0021] In the following, preferred embodiments of the 
present invention will be described with reference to the 
accompanying drawings. In these embodiments, a mul- 
tifunctional product is described as an embodiment of 
an information processing apparatus according to the 
present invention. However, the present invention is not 
limited to the embodiments, and may be embodied as 
any information processing apparatus capable of re- 
stricting user's manipulations on entry information. 
[0022] A description is given, with reference to FIG. 1 
through FIG. 46, of a multifunctional product according 
to a first embodiment of the present invention. 
[0023] First, some data structures of entry information 
of a multifunctional product that restricts user's manip- 
ulations on the entry information are described to facil- 
itate understanding of the present invention. 
[0024] FIG. 1 shows a first exemplary data structure 
of an entry information element of a multifunctional prod- 
uct according to the first embodiment. 
[0025] Referring to FIG. 1, an entry information ele- 
ment 1001 represents information on a single user for 
a multifunctional product. Specifically, the entry informa- 
tion element 1001 includes information items such as a 
serial number, an owner ID, an owner group 1002, a us- 
er group 1003, a registration number, a name, an email 
address, a FAX number, an SMB/FTP (Server Message 
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Block/File Transfer Protocol) name, a password, an 
SMB/FTP password a user name, use restriction infor- 
mation and charge data. 

[0026] The owner group 1002 includes one or more 
users having setting authority. The term "setting author- 
ity" indicates permission or denial of setting various 
types of manipulations such as addition of a user to the 
user group 1 003, deletion of a user from the user group 
1 003, viewing of a user on the entry information element 
1 001 and editing of a user on the entry information ele- 
ment 1 001 . Here, a user having the setting authority can 
add and delete a user to/from the owner group 1 002. In 
the user group 1003, one or more users having manip- 
ulation authority are registered. The term "manipulation 
authority" indicates permission or denial of viewing, ed- 
iting and other manipulations on the entry information 
element 1001. 

[0027] In the user group 1 003 in FIG. 1 , viewing au- 
thority over a viewing manipulation is represented as 
"R", and editing authority over an editing manipulation 
is represented as "W". Here, the user group 1003 may 
include not only a user but also a group 1 004 represent- 
ing a collection of one or more users. 
[0028] An "owner ID" of the owner group 1 002 and the 
user group 1 003 is an identifier of the user represented 
by the entry information element 1001 A "user admin- 
istrator ID" is an identifier of a user that manages the 
entry information element 1001. A "creator ID" is an 
identifier of a user that has created the entry information 
element 1 001 . A "user ID" is an identifier of a user. 
[0029] The use restriction information of the entry in- 
formation element 1001 includes permission or denial, 
for example, of monochrome copying, two-color copy- 
ing, full-color copying, monochrome printing, single- 
color printing, two-color printing, full-color printing, FAX 
transmission, scanner reading, document box printing, 
network accessing and other operations. 
[0030] in the entry information element 1001 in FIG. 
1 , the owner group 1 002 and the user group 3 are set 
for the whole entry information element 1001 . In other 
words, manipulation authority and setting authority are 
determined as access rules for the whole entry informa- 
tion element 1001 . 

[0031] FIG. 2 shows a second exemplary data struc- 
ture of an entry information element of a multifunctional 
product according to the first embodiment. In FIG. 2, the 
entry information element 1001 is the same as that in 
FIG. 1 except for a portion of the user group 1 003, and 
the description of the same portion is omitted. 
[0032] In the user group 1003 in FIG. 1 , viewing au- 
thority and editing authority of the group 1004, which 
represents a collection of one or more users, are set for 
the whole group 1004. On the other hand, in the user 
group 1 003 in FIG. 2, the viewing authority and the ed- 
iting authority of a group 1 005, which represents a col- 
lection of one or more users, are set for each user of the 
group 1005. In other words, according to the entry infor- 
mation element 1 005 in FIG. 2, the viewing authority and 



the editing authority can be set for each user of the group 
1 005 . Thus, according to in the second exemplary entry 
information element 1001 , access rules can be defined 
in further detail, compared to the first exemplary entry 

5 information element 1001 in FIG. 1. 

[0033] FIG. 3 shows a third exemplary data structure 
of an entry information element of a multifunctional prod- 
uct according to the first embodiment. In FIG. 3, the en- 
try information element 1005 is the same as those in 

10 FIG. 1 and FIG. 2 except for a portion of the user group 
1 003 , and the description of the same portion is omitted. 
In the user group 1003 in FIG. 1 , the viewing authority 
and the editing authority is set for the whole group 1004 
representing a collection of one or more users. Also, in 

15 the user group 1 003 in FIG. 2, the viewing authority and 
the editing authority are set for each user of the group 
1005. 

[0034] On the other hand, in the user group 1 003 in 
FIG. 3, the viewing authority and the editing authority 

20 are set for not only the whole group 1 005 but also each 
user of the group 1005. In the user group 1003 in FIG. 
3, since the viewing authority and the editing authority 
can be set for the whole group 1005, it is possible to 
roughly set access rules. Additionally, since the viewing 

25 authority and the editing authority can be set for each 
user of the group 1 005, it is possible to set access rules 
in detail. 

[0035] Thus, the entry information element 1001 in 
FIG. 3 makes it easy to set the user group 1003 by set- 
30 ting the viewing authority and the editing authority for 
the whole group 1005. In addition, the entry information 
element 1 001 in FIG. 3 makes it possible to set access 
rules in detail by setting the viewing authority and the 
editing authority for each user of the group 1005. Here, 
35 when the entry information element 1001 in FIG. 3 is 
used, it is necessary to set access rules in the user 
group 1 003 in advance for cases where the first viewing 
and editing authority set for the whole group 1005 is in- 
consistent with the second viewing and editing authority 
40 set for each user of the group 1 005. 

[0036] In these cases, the access rules may be de- 
fined to take OR between the first viewing and editing 
authority and the second viewing and editing authority. 
In another embodiment, the access rules may be de- 
45 fined to take AND between the first viewing and editing 
authority and the second viewing and editing authority. 
In another embodiment, the access rules may be de- 
fined in such a way that the first viewing and editing au- 
thority has priority over the second viewing and editing 
so authority vice versa. 

[0037] FIG. 4 shows a fourth exemplary data structure 
of an entry information element of a multifunctional prod- 
uct according to the first embodiment. In the following, 
the description of the same parts as those of FIG. 1 
55 through FIG. 3 is omitted. Referring to FIG. 4, entry in- 
formation portions 1001 a through 1001d represent in- 
formation on a single user for a multifunctional product. 
These entry information portions 1001 a through 1001d 
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are configured by classifying contents of the entry infor- 
mation element 1001 in FIG. 1 through FIG. 3. 
[0038] Specifically, the entry information portion 
1 001 a includes items such as a serial number, an owner 
ID and an owner group 1 002. The entry information por- 
tion 1 001 b includes items such as a registration number, 
a name, an email address, a FAX number, an SMB/FTP 
name and a user group 1003a. The entry information 
portion 1001c includes items such as a password, an 
SMB/FTP password and a user group 1003b. The entry 
information portion 1 001 d includes items such as a user 
name, use restriction information, charge data and a us- 
er group 1003c. 

[0039] The entry information portion 1 001 b is a group 
of items of the entry information element 1001 used by 
applications, and includes items, such as an email ad- 
dress and a FAX number, as general data. The entry 
information portion 1001c is configured from a group of 
items of the entry information 1 001 that should be con- 
cealed from other users, and includes items, such as a 
password and an SMB/FTP password, as personal da- 
ta. The entry information portion 1001d is configured 
from a group of items of the entry information element 
1001 used by a user administrator, and includes items, 
such as a user name, use restriction information and 
charge data, as management data. 
[0040] In the user group 1 003a, a user having manip- 
ulation authority on the entry information portion 1001b 
is registered. The user registered in the user group 
1 003a is allowed to view and edit the entry information 
portion 1001b, depending on the granted manipulation 
authority on the entry information portion 1001b. 
[0041] In the user group 1003b, a user having manip- 
ulation authority on the entry information portion 1001c 
is registered. The user registered in the user group 
1003b is allowed to view and edit the entry information 
portion 1001c, depending on the granted manipulation 
authority on the entry information portion 1001c. 
[0042] In the user group 1 003c, a user having manip- 
ulation authority on the entry information portion 1001c 
is registered. The user registered in the user group 
1003c is allowed to view and edit the entry information 
portion 1001 d, depending on the granted manipulation 
authority on the entry information portion 1001d. 
[0043] In the entry information element 1001 shown 
in FIG. 4, an owner group 1 002 is set for the entry infor- 
mation portion 1001a. Also, in the entry information el- 
ement 1 001 , user groups 1 003a through 1 003c are pro- 
vided to the entry information portions 1001b through 
1001 d, respectively. In other words, access rules to re- 
strict user's manipulation on the entry information ele- 
ment 1 001 can be defined for each information item por- 
tion (for each of the entry information portions 1001a 
through 1001d in the illustration of FIG. 4) classified 
based on kinds of the individual items of the entry infor- 
mation element 1001 . 

[0044] FIG. 5 shows a fifth exemplary data structure 
of an entry information element of a multifunctional prod- 



uct according to the first embodiment. In the following, 
the description of the same parts as those shown in FIG. 
1 through FIG. 4 is omitted. 

[0045] Referring to FIG. 5, entry information portions 
5 1 001 a and 1 001 e represent information on a single user 
of a multifunctional product according to the first embod- 
iment. 

[0046] Specifically, the entry information portion 
1 001 a includes items such as a serial number, an owner 

10 ID, and an owner group 1 002. Also, the entry information 
portion 1001e includes items such as a registration 
number, a name, an email address, a FAX number, an 
SMB/FTP name : a password, an SMB/FTP password, 
a user name, use restriction information, charge data 

15 and respective user groups 1003a through 1003j. 

[0047] In the user groups 1003a through 1003j,auser 
having manipulation authority on each item of the entry 
information portion 1001e is registered. For example, a 
user registered in the user group 1 003a is allowed to 

20 view and edit the item "registration number" of the entry 
information portion 1 001 e corresponding to granted ma- 
nipulation authority on the item "registration number". 
[0048] In the entry information 1001 shown in FIG. 5, 
the owner group 1002 is set for the entry information 

25 portion 1001a. Also, the user groups 1003a through 
1 003j are set for each item of the entry information por- 
tion 1 001 e of the entry information element 1001 shown 
in FIG. 5. In other words, access rules to restrict user's 
manipulation on the entry information element 1001 can 

30 be set for each item of the entry information portion 
1 001 e of the entry information element 1 001 . 
[0049] According to the user groups 1 003 and 1 003a 
through 1003j shown in FIG. 1 through FIG. 5, access 
rules are defined from the viewpoint of users. In another 

35 embodiment, however, the access rules may be defined 
from the viewpoint of functions. FIG. 6 shows a sixth ex- 
emplary data structure of an entry information element 
of a multifunctional product according to the first embod- 
iment. The entry information element shown in FIG. 6 is 

40 the same as that shown in FIG. 1 except for a portion of 
the user group 1003, and the description of the same 
parts is omitted. 

[0050] The user group 1003 includes a group 1003k 
of users having viewing authority on the entry informa- 
45 tion element 1001 , a group 10031 of users having edit- 
ing authority on the entry information element 1 001 , and 
a group 1 003m of users having deleting authority on the 
entry information element 1001 . 

[0051 ] A user registered in the group 1 003k is allowed 
50 to perform a viewing manipulation on the entry informa- 
tion element 1 001 . A user registered in the group 1 0031 
is allowed to perform an editing manipulation on the en- 
try information element 1 . A user registered in the group 
1003m is allowed to perform a deleting manipulation on 
55 the entry information element 1 001 . 

[0052] In the entry information element 1001 shown 
in FIG. 6, an owner group 1002 and a user group 1003 
are set for the whole entry information element 1001. 
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Also, the user group 1003 shown in FIG. 6 is not set 
from the viewpoint of users. In other words, the groups 
1 003k through 1 003m are set from the viewpoint of func- 
tions, Thus, if the groups 1003k through 1003m are de- 
fined, function-based access rules can be also reused 
for another entry information element 1 001 . As a result, 
it is possible to register the user group 1003 more effi- 
ciently. The same discussion with reference to FIG. 2 
through FIG. 5 can be also applied to the entry informa- 
tion 1001 and the user group 1003 shown in FIG. 6. 
[0053] According to the user groups 1 003 and 1 003a 
through 1003m shown in FIG. 1 through FIG. 6, manip- 
ulation authority on the entry information element 1001 
and the entry information portions 1 001 a through 1 001 e 
can be set for each of the groups 1 004 and 1005 com- 
posed of a single user or a collection of users, in another 
embodiment, however, the manipulation authority can 
be set for all users. 

[0054] If the manipulation authority on the entry infor- 
mation element 1 001 and the entry information portions 
1001a through 1001e can be set for all the users, a 
smaller data capacity has only to be used to register all 
the users in the user groups 1003 and 1003a through 
1 003j. As a result, it is possible to save the memory ca- 
pacity of the multifunctional product. 
[0055] Exemplary structure and operation of a multi- 
functional product as an embodiment of an information 
processing apparatus to implement an entry information 
management method according to the present invention 
are described with reference to FIG. 7 and FIG. 8. 
[0056] FIG. 7 shows an exemplary functional struc- 
ture of a multifunctional product according to the first 
embodiment. 

[0057] Referring to FIG. 7, a multifunctional product 
1010 includes a plotter 1011, a scanner 1012, other 
hardware resources 1013 such as a facsimile, a soft- 
ware set 1020 and an activation part 1015. 
[0058] The software set 1 020 includes an application 
set 1030 that can be executed on an operating system 
(OS) such as UNIX (registered trademark) and a plat- 
form 1040. 

[0059] The application set 1 030 implements a printer 
function, a copier function, a facsimile function, a scan- 
ner function and others. The application set 1030 in- 
clude a printer application 1031, a copier application 
1032, a FAX application 1033, a scanner application 
1034 and a network file application 1035. The platform 
1040 includes a control service 1041 that interprets 
process requests from the application set 1030 and is- 
sues acquisition requests for hardware resources, a 
system resource manager (SRM) 1042 that manages 
the hardware resources and arbitrages the acquisition 
requests from the control service 1041, and a handler 
layer 1043 that, in response to the acquisition requests 
from SRM 1042, manages the hardware resources. 
[0060] The control service 1 041 includes one or more 
service modules such as a system control service (SCS) 
1044, a network control service (NCS) 1045, a delivery 



control service (DCS) 1046, an operation panel control 
service (OCS) 1 047, a FAX control service (FCS) 1048, 
an engine control service (ECS) 1 049, a memory control 
service (MCS) 1 050, a user information control service 
5 (UCS) 1051 and a certification control service (CCS) 
1052. 

[0061] Here, the platform 1040 is configured to have 
an application interface (API) 1 053 that enables process 
requests to be received from the applications 1030 by 
10 using a predefined function. OS executes software 
items of the application set 1 030 and the platform 1 040 
as processes in parallel. UCS 1 051 stores user informa- 
tion in a storage device such as HDD (Hard Disk Drive), 
and manages the stored user information. For example, 
15 UCS 1051 stores an entry information element 1001 in 
a storage device such as HDD, and manages the stored 
entry information element 1001. CCS 1052 provides 
certification services to the application set 1030. 
[0062] The handler layer 1 043 includes a FAX control 
20 unit handler (FCUH) 1 054 that manages a FAX control 
unit (FCU), and an image memory handler (IMH) 1055 
that allocates processes to memory areas and manages 
the allocated memory areas. By using an engine l/F 
1056 that enables process requests for the hardware 
25 resources to be transmitted by means of a predefined 
function, SRM 1042 and FCUH 1054 issue the process 
requests for the hardware resources. 
[0063] In the platform 1 040, the multifunctional prod- 
uct 1010 can collectively perform processes that indi- 
30 vidual applications require in common. For example, 
Japanese Laid-Open Patent Application No. 
2002-084383 discloses the functional structure of the 
multifunctional product 1001 shown in FIG. 7 in detail. 
Next, an exemplary hardware configuration of the mul- 
35 Afunctional product 1 01 0 is described. 

[0064] FIG. 8 shows an exemplary hardware config- 
uration of a multifunctional product according to the first 
embodiment. Referring to FIG. 8, the multifunctional 
product 1010 includes a controller 1060, an operation 
40 panel 1080, FCU 1081 and an engine part 1082. The 
controller 1060 includes CPU (Central Processing Unit) 
1 061 , a system memory 1 062, a north bridge (NB) 1 063, 
a south bridge (SB) 1 064, ASIC (Application Specific In- 
tegrated Circuit) 1066, a local memory 1 067, HDD 1068, 
45 a network interface card (NIC) 1 069, a USB (Universal 
Serial Bus) device 1071 , an IEEE1394 device 1 072 and 
a Centronics 1073. For example, Japanese Laid-Open 
Patent Application No. 2002-084383 discloses the hard- 
ware configuration of the multifunctional product 1010 
so shown in FIG. 8 in detail. 

[0065] When the multifunctional product 1 01 0 is pow- 
ered ON, the activation part 1015 shown in FIG. 7 first 
starts the application set 1 030 and the platform 1 040 on 
OS. When the application set 1030 and the platform 
55 1 040 are activated, the multifunctional product 1 01 0 dis- 
plays a login screen 1100, as shown in FIG. 9, on the 
operation panel 1080. 

[0066] FIG. 9 through FIG. 15 show a series of exem- 
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plary screens displayed on the operation panel 1080. 
An exemplary process for a user administrator to login 
the multifunctional product 1 01 0 and register a new user 
in the multifunctional product 1 01 0 is described with ref- 
erence to FIG. 9 through FIG. 15. Referring to FIG. 9, 
after the user administrator inputs his/her user name 
and password in the login screen 1100, a screen 1110 
is displayed. When the user administrator pushes an 
"EXECUTE" button 1111 on the screen 1110, the multi- 
functional product 1010 displays a screen 1120, which 
represents that certification is being processed, on the 
operation panel 1080. 

[0067] The multifunctional product 1010 uses CCS 
1 052 to authenticate the user name and password sup- 
plied via the screen 1110. Based upon the certification 
result, the multifunctional product 1010 determines that 
a user administrator has logged in, and then displays an 
initial setting screen 1130, as shown in FIG. 10, on the 
operation panel 1080. If the logging-in user is such a 
user administrator to be not charged, the multifunctional 
product 1010 displays the initial setting screen 1130 
rather than a copying screen, for example. When the 
user administrator pushes an "SYSTEM INITIAL SET- 
TING" button 1131 in the screen 1130, the multifunction- 
al product 1010 displays a system initial setting screen 
1140 on the operation panel 1080. 
[0068] When the user administrator pushes an "AD- 
MINISTRATOR SETTING 0 button 1141 in the screen 
1140, the multifunctional product 1010 displays an ad- 
ministrator setting screen 1150 on the operation panel 
1080. When the user administrator pushes a "NEXT 1 
button 1151 in the screen 1150, the multifunctional prod- 
uct 1010 displays a screen 1160, as shown in FIG. 11, 
on the operation panel 1080. When the user adminis- 
trator pushes a "REGISTER/CHANGE/DELETE AD- 
DRESS 0 button 161 in the screen 1160, the multifunc- 
tional product 1010 displays a "NEW REGISTRATION" 
button 1 1 62 on the operation panel 1 080. When the user 
administrator pushes the "NEW REGISTRATION" but- 
ton 1162, the multifunctional product 1010 displays a 
screen 1170 for registering/changing an address book 
on the operation panel 1080. 

[0069] In the illustration, among some "REGISTEFV 
CHANGE ADDRESS BOOK" screens, the multifunc- 
tional product 1010 displays the screen 1170 for regis- 
tering/changing general information on the operation 
panel 1080. Name and registration number of a newly 
registered user supplied by the user administrator are 
shown in the screen 1170. The user administrator can 
use the screen 1170 to register the name and the reg- 
istration number of the new user. When the user admin- 
istrator pushes an "EMAIL" button 1171 in the screen 
1 1 70, the multifunctional product 1 01 0 displays a screen 
1180 for registering/changing email information on the 
operation panel 1080. An email address of the newly 
registered user is shown in the screen 1180. The user 
administrator can use the screen 1180 to register the 
email address of the newly registered user. 



[0070] By using the screens 1170 and 1180, the user 
administrator can create an address book (entry infor- 
mation element) as illustrated in FIG. 16. FIG. 16 is a 
diagram for explaining an exemplary procedure of cre- 

5 ating an entry information element. In the entry informa- 
tion element 1001 shown in FIG. 16, the name and the 
registration number supplied via the screen 1170, the 
email address supplied via the screen 1180, an owner 
ID representing the user administrator, and a user group 

10 1003 are registered. Currently, no user is registered in 
the owner group of the entry information element 1001 . 
Also, it is noted that the user administrator is registered 
in the user group 1003. 

[0071] When the user administrator pushes an "AD- 

15 DRESS PROTECTION" button 1181 in the screen 11 80, 
the mu Itif unctional product 1 01 0 displays a screen 1190, 
as shown in FIG. 12, for registering/changing address 
protection information on the operation panel 1080. 
Since the user administrator is not currently registered 

20 in the owner group 1002, a"CHANGE" button for chang- 
ing registered contents of the owner group 1002 is dis- 
played in the screen 1190 in a (thinner-colored) status 
where the user administrator cannot select the 
"CHANGE" button. 

25 [0072] When the user administrator pushes a 
"CHANGE" button 1191 for changing registered con- 
tents of the user group in the screen 1 1 90, the multifunc- 
tional product 1010 displays a user group registration/ 
change screen on the operation panel 1 080. For exam- 

30 pie, buttons 192 through 194 representing individual us- 
ers, a button 1195 representing a group composed of 
one or more users, and a button 1196 representing ail 
users are displayed. 

[0073] The user administrator can register a user, a 

35 group or all the users in the user group 1 003 by pushing 
one of the buttons 1192 through 1196. Also, for each 
user, each group or all users registered in the user group 
1003, the user administrator can use a screen 1200 or 
1210 to set viewing authority or editing authority over 

40 the entry information element 1001 to be newly regis- 
tered. The illustrated screen 1 200 is for setting the view- 
ing authority and the editing authority over the newly 
registered entry information element 1001 for each user 
or each group registered in the user group 1003. The 

45 illustrated screen 1 21 0 is for setting the viewing author- 
ity and the editing authority over the newly registered 
entry information element 1001 for all users. 
[0074] By using the screen 1 200, the user administra- 
tor can create an entry information element 1001 as 

50 shown in FIG. 17 from the entry information 1001 as 
shown in FIG. 16. FIG. 17 is another diagram for ex- 
plaining the procedure of creating an entry information 
element according to the first embodiment. In the entry 
information element 1001 shown in FIG. 17, the user 

55 administrator can register a user and a group in the user 
group 1003 by pushing the buttons 1192 through 1195 
in FIG. 12, and additionally set the viewing authority and 
the editing authority over the entry information element 
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1001 for each of the registered users and groups. 
[0075] Also, by using the screen 1210, the user ad- 
ministrator can create an entry information element 
1001 as shown in FIG. 18 from the entry information el- 
ement 1001 as shown in FIG. 16. FIG. 18 is another di- 
agram for explaining the procedure of creating an entry 
information element according to the first embodiment. 
In the entry information element 1001 shown in FIG. 18, 
the user administrator can register all users in the user 
group 1003 by pushing the button 1196, and set the 
viewing authority and the editing authority over the entry 
information element 1001 for all the users. 
[0076] In this manner, the entry information element 
1001, which is used as address information, has been 
registered. However, the following process is addition- 
ally required to register the entry information element 
1001 on the single user. When the user administrator 
pushes a "PERSONAL INFO" button 1201 in the screen 
1200 or a "PERSONAL INFO" button 1211 in the screen 
1210, the multifunctional product 1010 displays a 
screen 1 220, as shown in FIG. 13, for registering/chang- 
ing personal information on the operation panel 1080. 
The illustrated screen 1220 is for inputting a user name 
of the user to be newly registered and a function avail- 
able to the user. The user administrator can use the 
screen 1220 to register the user name and the available 
function of the user. 

[0077] By using the screen 1 220, the user administra- 
tor can create an entry information element 1001 as 
shown in FIG. 19 from the entry information .element 
1001 as shown in FIG. 17. FIG. 19 is a diagram for ex- 
plaining the procedure of creating an entry information 
element according to the first embodiment. In the entry 
information element 1001 shown in FIG. 19, the user 
name and the available function supplied via the screen 
1220 are set, and the available function is used as use 
restriction information. 

[0078] Now, it is noted that the owner ID of the entry 
information element 1001 represents not the user ad- 
ministrator but the registered user being an owner of the 
entry information element 1001 (hereinafter which is 
simply referred to as an owner). In other words, the own- 
er of the entry information element 1001 is switched 
from the user administrator to the registered user. Also, 
the owner is automatically set to the owner group 1 002 
and the user groups 1G03a and 1003b. 
[0079] Then, when the user administrator pushes the 
"ADDRESS PROTECTION" button 1221 in the screen 
1220, the multifunctional product 1010 displays a 
screen 1230 for registering/changing address protec- 
tion information on the operation panel 1080. When the 
user administrator pushes a'^HANGE" button 1231 for 
changing the password, the multifunctional product 
1010 displays a screen 1240 for registering/changing 
the password on the operation panel 1 080. The user ad- 
ministrator uses a software keyboard displayed on the 
screen 1240 to input a temporary password, such as 
"password", and then pushes an "OK" button 1241 



[0080] When the user administrator pushes the "OK" 
button 1241 in the screen 1240, the multifunctional prod- 
uct 1010 displays a screen 1250, as shown in FIG. 14, 
for inputting the same password one more time on the 
5 operation panel 1 080. The user administrator uses the 
software keyboard in the screen 1 250 to input the same 
password as that supplied via the screen 1 240, and then 
pushes the "OK" button 1 251 . In this manner, if the pass- 
word is input twice, it is possible to prevent password 
10 registration mistakes. 

[0081] When the user administrator pushes the "OK" 
button 1251 in the screen 1250, the multifunctional prod- 
uct 1010 displays a screen 1260 for registering/chang- 
ing address protection information on the operation pan- 
15 el 1080. When the user administrator pushes a "SET" 
button 1261 in the screen 1260, the multifunctional prod- 
uct 1010 registers the user information supplied via the 
screens 1170 through 1250 in the address book, and 
then displays a screen 1270 similar to the screen 1160 
20 on the operation panel 1 080. 

[0082] When the user administrator pushes an "END" 
button 1271 in the screen 1270, the multifunctional prod- 
uct 1010 displays an initial setting screen 1280, as 
shown in FIG. 15, on the operation panel 1080. When 
25 the user administrator pushes a "LOGOUT 1 button 1 281 
in the screen 1 280, the multifunctional product 1 01 0 per- 
forms a logout operation. Also, when a clear key or a 
reset key mounted in the multifunctional product 1010 
is pushed, the multifunctional product 101 0 performs the 
30 logout operation. Then, after the multifunctional product 
1010 completes the logout operation, for example, the 
multifunctional product 1010 displays the login screen 
1100 on the operation panel 1080 again. 
[0083] As the above manner, the user administrator 
35 can register the entry information element 1 001 . Then, 
a (common) user of the multifunctional product 10 per- 
forms the following operation on the entry information 
element 1001. FIG. 20 through FIG. 22 show a series 
of exemplary screens displayed on the operation panel 
40 1080. Here, an operation for the owner of entry informa- 
tion element 1001 to login the multifunctional product 
1 01 0 and change the registered password is described. 
The multifunctional product 1 01 0 displays a login screen 
1 300, as shown in FIG. 20, on the operation panel 1 080. 
45 The user name and the password supplied by the owner 
via the screen 1300 are illustrated in a screen 1310. 
When the owner pushes an "EXECUTE" button 1311 in 
the screen 1310, the multifunctional product 1010 dis- 
plays a screen 1 320, indicating that certification is being 
so processed, on the operation panel 1080. 

[0084] The multifunctional product 1010 uses CCS 
1052 to authenticate the user name and the password 
supplied via the screen 1 31 0. Based upon the certifica- 
tion result, the multifunctional product 1010 determines 
55 that the logging-in user is the owner of the entry infor- 
mation element 1001 , and displays a function available 
to the user depending on use restriction information of 
the entry information element 1001 on the operation 
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panel 1080. In the illustration, the multifunctional prod- 
uct 1010 displays a copying screen 1330, as shown in 
FIG. 21, on the operation panel 1080. 
[0085] When the owner pushes an "INITIAL SET- 
TING" button 1331 in the screen 1330, the multifunc- 
tional product 1010 displays an initial setting screen 
1340 on the operation panel 1080. When the owner 
pushes a "SYSTEM INITIAL SETTING" button 1341 in 
the screen 1340, the multifunctional product 1010 dis- 
plays a system initial setting screen 1350 on the opera- 
tion panel 1080. When the owner pushes an "ADMIN- 
ISTRATOR SETTING" button 1351 in the screen 1350, 
the multifunctional product 1 01 0 displays an administra- 
tor setting screen 1360, as shown in FIG. 22, on the op- 
eration panel 1080. 

[0086] When the owner pushes a "NEXT' button 1361 
in the screen 1 360, the multifunctional product 1010 dis- 
plays a screen 1 370 on the operation panel 1 080. When 
the owner pushes a "REGISTER/CHANGE/DELETE 
ADDRESS BOOK" button 1 371 in the screen 1 370, the 
multifunctional product 1010 displays a button 1372 for 
selecting the entry information element 1001 on the 
owner on the operation panel 1 080. 
[0087] When the owner pushes the button 1372, the 
multifunctional product 1010 displays a default screen 
for registering/changing the address book on the oper- 
ation panel 1 080. Subsequently, when the owner push- 
es an "ADDRESS PROTECTION" button in the screen, 
the multifunctional product 1 01 0 displays a screen 1380 
for registering/changing address protection information 
on the operation panel 1080. Since the owner is regis- 
tered in the owner group 1002, a "CHANGE" button 
1382 for changing registered contents of the owner 
group 1002 is displayed in the screen 1380 in a status 
where the owner can push the "CHANGE" button 1 382. 
[0088] When the owner pushes a "CHANGE" button 

1 381 for changing the password in the screen 1 380, the 
multifunctional product 1010 displays the screen 1240, 
as shown in FIG. 13, for registering/changing the pass- 
word on the operation panel 1080. Here, the owner can 
register a new password as in the above-mentioned 
password registration executed by a user administrator. 
For example, when the owner sets "#6%qpHiwY34T" as 
the new password, the owner can create the entry infor- 
mation element 1001 as shown in FIG. 23. FIG. 23 is a 
diagram for explaining a procedure of creating an entry 
information element. Now, the input character string 
"#6%qpHiwY34T M is set as the password in the entry 
information portion 1001b shown in FIG. 23. 

[0089] When the owner pushes a "CHANGE" button 

1382 for changing owner group registration in the 
screen 1380, the multifunctional product 1010 displays 
a default screen for registering/changing the owner 
group 1 002 on the operation panel 1 080. Here, the own- 
er can register/change the owner group 1002 as in the 
above-mentioned registration/change operation of the 
user group 1003 executed by a user administrator ex- 
cept for setting up of viewing authority and editing au- 



thority. 

[0090] For example, when the owner registers users 
having IDs "1 234567890" and "0987654321 " in the own- 
er group 1002, the owner can create the owner group 

5 1002 as shown in FIG. 24. FIG. 24 is a diagram for ex- 
plaining a procedure of creating an entry information el- 
ement 1001 . FIG. 24 shows that the users having the 
IDs "1 234567890" and "0987654321" are registered in 
the owner group 1 002. 

10 [0091] In the above example, although the user ad- 
ministrator and the user (owner) are authenticated at 
start time of the above-mentioned operations, the au- 
thentication may be conducted at any necessary time. 
Alternatively, one of the user administrator and the user 

is may not be authenticated. 

[0092] FIG. 25 and FIG. 26 show a series of exempla- 
ry screens displayed on the operation panel 1 080 during 
a certification process of a user administrator or a user. 
The multifunctional product 1010 displays a login screen 

20 1400 on the operation panel 1080. A screen 1410 shows 
that a user administrator has supplied a user name and 
a password via the screen 1 400. When the user admin- 
istrator pushes an "EXECUTE" button 1411 in the 
screen 1410, the multifunctional product 1010 displays 

25 a screen 1420, indicating that the certification is being 
processed, on the operation panel 1080. 
[0093] The multifunctional product 1010 uses CCS 
1052 to authenticate the user name and the password 
supplied via the screen 141 0- Based upon the certifica- 
te? tion result, the multifunctional product 1 01 0 determines 
that the logging-in user is the user administrator, and 
then displays a screen 1430, as shown in FIG. 26, indi- 
cating that the use of an application function is restrict- 
ed, on the operation panel 1 080. When the user admin- 

35 istrator pushes an "INITIAL SETTING" button 1431 in 
the screen 1430, the multifunctional product 1010 dis- 
plays an initial setting screen 1 440 on the operation pan- 
el 1080. 

[0094] Also, when the user administrator pushes a 

40 "SYSTEM INITIAL SETTING" button 1441 in the screen 
1440, the multifunctional product 1010 displays a sys- 
tem initial setting screen 1450 on the operation panel 
1080. When the user administrator pushes an "ADMIN- 
ISTRATOR SETTING" button 1451 in the screen 1450, 

45 the multifunctional product 1 01 0 displays an administra- 
tor setting screen (not illustrated) on the operation panel 
1 080. Since the user administrator logins the multifunc- 
tional product 1 01 0 as a user administrator, the user ad- 
ministrator can continue setting up as a user adminis- 

50 trator. On the other hand, if the user administrator does 
not login as a user administrator, the multifunctional 
product 1 01 0 prompts the user administrator to login as 
a user administrator in response to depression of the 
"ADMINISTRATOR SETTING" button 1451 in the 

55 screen 1450. 

[0095] FIG. 27 and FIG. 28 show a series of exempla- 
ry screens displayed on the operation panel when a user 
administrator is authenticated and a user is not authen- 
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ticated. After powered ON, the multifunctional product 
1 01 0 displays a copying screen 1500 on the operation 
panel 1080, depending on use restriction information of 
the entry information element 1 001 . 
[0096] When the user pushes an "INITIAL SETTING" 
button 1501 in the screen 1500, the multifunctional prod- 
uct 1010 displays an initial setting screen 1510 on the 
operation panel 1 080. When the user pushes a "LOGIN" 
button 1511 on the screen 1510, the multifunctional 
product 1010 displays a login screen 1530, as shown in 
FIG. 28, on the operation panel 1080. A screen 1540 
shows that a user name and a password have been sup- 
plied by the user administrator via the screen 1530. 
When the user administrator pushes an "EXECUTE" 
button 1541 in the screen 1540, the multifunctional prod- 
uct 1 01 0 displays a screen 1 550, indicating that the cer- 
tification is being processed, on the operation panel 
1080. 

[0097] The multifunctional product 1010 uses CCS 
1052 to authenticate the user name and the password 
supplied via the screen 1540. Based upon the certifica- 
tion result, the multifunctional product 1 01 0 determines 
that the logging-in user is a user administrator, and then 
displays an administrator setting screen 1 560 on the op- 
eration panel 1080. When the user pushes an "INITIAL 
SYSTEM SETTING" button 1511 in the screen 1 51 0 : the 
multifunctional product 1010 may display a login screen 
1530 on the operation panel 1 080. 
[0098] FIG. 29 and FIG. 30 show a series of exempla- 
ry screens displayed on the operation panel 1080 when 
the user is authenticated and the user administrator is 
not authenticated. The multifunctional product 1010 dis- 
plays a login screen 1600 on the operation panel 1080. 
The user inputs a user name and a password in the 
screen 1600. and then pushes an "EXECUTE" button 
1 601 in the screen 1 600. When the "EXECUTE" button 
1601 is pushed, the multifunctional product 1010 uses 
CCS 1 052 to authenticate the user name and the pass- 
word supplied via the screen 1600. 
[0099] Based upon the certification result, the multi- 
functional product 1010 determines that the logging-in 
user is a user, and then displays an initial setting screen 
1 61 0 on the operation panel 1 080. When the user push- 
es a "SYSTEM INITIAL SETTING" button 1611 in the 
screen 1610, the multifunctional product 1010 displays 
a system initial setting screen 1620 on the operation 
panel 1080. When the user pushes an "ADMINISTRA- 
TOR SETTING" button 1621 in the screen 1620, the 
multifunctional product 1010 displays an administrator 
setting screen 1630, as shown in FIG. 30, on the oper- 
ation panel 1080. Since the certification of a user ad- 
ministrator is not performed, the user can continue ad- 
ministrator setting. 

[0100] In the entry information element 1001 shown 
in FIG. 1 through FIG. 6, permission or denial of viewing 
manipulation and editing manipulation on the entry in- 
formation element 1001 is set for each user or each 
group 1 004 and 1 005. Thus, an address book displayed 



on the operation panel 1 080 can be restricted as follows. 
FIGS. 31 A and 31 B show an exemplary entry informa- 
tion element on a user having viewing authority or edit- 
ing authority and an exemplary entry information ele- 
5 ment on a user that does not have either viewing au- 
thority or editing authority. 

[0101] FIG. 31 A shows an exemplary entry informa- 
tion element on the user "Taro Ricoh" of the registration 
number "0001 2" wherein the user has viewing authority 
10 or editing authority. FIG. 31 B shows an exemplary entry 
information element on the user "Taro Ricoh" of the reg- 
istration number "00012" wherein the user does not 
have the viewing authority or the editing authority. 
[0102] FIG. 32 is a diagram for explaining a procedure 
15 of displaying an address book according to the first em- 
bodiment. For example, the user 'Taro Ricoh" of the reg- 
istration number "00012" inputs a user name and a 
password in a login screen 1 700 displayed on the oper- 
ation panel 1080. A screen 1710 shows the user name 
20 and the password has been supplied by the user 'Taro 
Ricoh" of the registration number "00012" via the screen 
1700. 

[0103] When an "EXECUTE" button 1711 in the 
screen 1 71 0 is pushed , the multifunctional product 1010 
25 selects an entry information element 1001 from an ad- 
dress book, shown in FIG. 31 A, over which the user 
"Taro Ricoh" of the registration number "00012" has 
viewing authority crediting authority. The entry informa- 
tion element 1001 can be selected by selecting a user 
30 group including the user "Ricoh Taro" of the registration 
number "00012". 

[01 04] When an application that makes use of the en- 
try information 1001 (for example, the scanner applica- 
tion 1034) is selected, the multifunctional product 1010 
35 displays a screen 1720 including the entry information 
element 1 001 in FIG. 31 A as a destination on the oper- 
ation panel 1080. In this manner, the multifunctional 
product 1010 can display only entry information items 
over which a logging-in user has viewing authority or ed- 
40 iting authority on the operation panel 1 080. 

[01 05] In the above, the procedure of creating the en- 
try information element 1001 has been described with 
reference to exemplary screens displayed on the oper- 
ation panel 1 080. In the following, the procedure of cre- 
45 ating the entry information element 1001 is described 
with reference to a sequence diagram shown in FIG. 33. 
The procedure of creating the entry information element 
1001 is described with reference to the screens 1100 
through 1280. 

so [01 06] FIG . 33 is a sequence diagram of an exempla- 
ry procedure of creating an entry information element 
according to the first embodiment. It is supposed that 
the multifunctional product 1010 first has used the 
screens 1100 through 1120 to authenticate a user and 
55 determines that the logging-in user is a user administra- 
tor. 

[0107] At step S1 001 , CCS 1 052 of the multifunctional 
product 1010 supplies to SCS 1 044 a ticket to prove that 
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the logging-in user has been authenticated as a user 
administrator. At step S1002, SCS 1044 creates the 
screen 1130. At step S1 003, SCS 1044 issues a screen 
displaying request to OCS 1047. 
[0108] At step S1 004, the user administrator performs 
a key input operation by pushing the "SYSTEM INITIAL 
SETTING" button 1131 in the screen 1130. OCS 1047 
supplies contents of the key input operation to SCS 
1044. At step S1005, SCS 1044 creates the screen 
1 1 40. At step S1 006, SCS 1 044 issues a screen display- 
ing request to OCS 1 047. In the following, the screens 
1150 and 1160 are similarly displayed on the operation 
panel 1080. 

[0109] At step S1007, SCS 1044 issues an address 
book search request together with the ticket to UCS 
1051. At step S1008, UCS 1051 creates an address 
book cache for the logging-in user administrator. At step 
S1009, UCS 1051 supplies the created address book 
list to SCS 1044. 

[0110] At step S1010, SCS 1044 creates an address 
book list screen. At step S1011, SCS 1044 issues a 
screen displaying request to OCS 1047. At step S1012, 
the user administrator performs a key input operation by 
pushing one or more entry buttons included in the ad- 
dress book list or the "NEW REGISTRATION" button 
1162. Now, it is supposed that the "NEW REGISTRA- 
TION" button 1612 has been pushed. OCS 1047 sup- 
plies contents of the key input operation to SCS 1044. 
[0111] At step S1 01 3, SCS 1 044 creates the screen 
1 1 70. At step S1 01 4, SCS 1 044 issues a screen display- 
ing request to OCS 1047. In the following, the screens 
1180 through 1260 are similarly displayed on the oper- 
ation panel 1080. Then, when the "SET 1 button 1261 in 
the screen 1 260 is pushed, SCS 1 044 proceeds to step 
S1 015, and generates address book data to register us- 
er information supplied via the screens 1170 through 
1 250 in the address book. At step S1 01 6, SCS 1 044 can 
create the entry information element 1001 by using the 
generated address book data to issue a registration re- 
quest to UCS 1051. 

[0112] Here : there is a case where even a user reg- 
istered in the owner group 1002 is not allowed to delete 
a user registered in the user group 1 003. For example, 
while such a user registered in a user group 1 003 logins 
the multifunctional product 1010, the user cannot be de- 
leted from the user group 1003. Also, for example, dur- 
ing login of a user registered in the user group 1003, 
edited contents of the entry information element 1001 
on the user is not reflected until the user logins the mul- 
tifunctional product 1 010 at the next time. 
[0113] In addition, an entry information element 1001 
on a user that temporarily makes use of a copier function 
(hereinafter which is referred to as a guest user) is con- 
figured as shown in FIG. 34. FIG. 34 shows a seventh 
exemplary data structure of an entry information ele- 
ment of a multifunctional product according to the first 
embodiment. Since a guest user is to simply use the 
multifunctional product 1 01 0, it is unnecessary to set an 



email address and a FAX number for the guest user. 
Thus, the entry information element 1001 shown in FIG. 
34 includes only an owner ID, an owner group 1 002, us- 
er groups 1003a through 1003c, a registration number, 

5 a name, a user name and use restriction information. 
[0114] Such a guest user is not registered in the own- 
er group 1002. Also, since the guest user is not regis- 
tered in the user group 1003a, the guest user is not al- 
lowed to view and edit entry information elements 1 001 

10 on other users. However, since the guest user is allowed 
to view the user group 1 003c, the guest user can check 
the use restriction information. 

[0115] Here, manipulation corresponding to the 
above-mentioned viewing authority "R" and editing au- 

15 thority "W" may be fixed. Alternatively, the manipulation 
may be changeable as follows. FIG. 35 shows a table 
representing an exemplary policy to define manipula- 
tions corresponding to various kinds of authority. In FIG. 
35, a policy corresponding to a case where viewing au- 

20 thority and editing authority are included in manipulation 
authority is illustrated. 

[0116] For example, "view name and registration 
number" and "refer" operations are defined as manipu- 
lations corresponding to the viewing authority "R" in ac- 
25 cordance with the policy shown in FIG. 35. Also, "view 
name and registration number", "refer", and "change" 
operations are defined as manipulations corresponding 
to the editing authority "W". 

[0117] In the policy shown in FIG. 35, a user having 

30 the viewing authority "R" can perform the "view name 
and registration number" and "refer" operations. Also, a 
user having the editing authority "W" can perform the 
"view name and registration number", "refer" and 
"change" operations. If the policy shown in FIG. 35 is 

35 changed, it is possible to change manipulations corre- 
sponding to various kinds of authority. 
[01 18] A variation of a multifunctional product accord- 
ing to the first embodiment is described. 
[0119] In the first embodiment, the owner group 1002 

40 and the user group 1003 are separately set. However, 
it is possible to set owner authority to a user by using a 
policy shown in FIG. 36. FIG. 36 shows a table repre- 
senting an exemplary policy allowed to set owner au- 
thority to a user. 

45 [0120] In the policy shown in FIG. 36, in addition to 
the policy shown in FIG. 35, "view name and registration 
number" and "delete entry" operations are defined as a 
manipulation corresponding to the deleting authority 
"D". In addition, "view name and registration number", 

so "refer", "change" and "delete entry" operations are de- 
fined as manipulations corresponding to full control au- 
thority "O". Also, new authority "new role" may be de- 
fined in the policy shown in FIG. 36. 
[0121] The manipulation authority is composed of the 

55 viewing authority, the editing authority and the deleting 
authority. The full control authority includes the editing 
authority. For example, in the policy shown in FIG. 36, 
it is sufficient that the full control authority "O" is provided 
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to only a user that sets owner authority. Such a user hav- 
ing the owner authority has authority equivalent to au- 
thority set in the above-mentioned owner group 1002. 
[0122] FIG. 37 shows an eighth exemplary data struc- 
ture of an entry information element of a multifunctional t 
product according to the first embodiment. The entry in- 
formation element 1001 shown in FIG. 37 is the same 
as the entry information element 1001 shown in FIG. 4 
except for a portion thereof, and the description thereof 
is omitted. Entry information portions 1001f through 1 
1001i represent information on a user of the multifunc- 
tional product 1010. The entry information portions 
1001f through 1001 i are configured by classifying infor- 
mation items of the entry information element 1001 
shown in FIG. 1 through FIG. 3. 
[0123] The entry information portions 1001f includes 
a serial number and an owner ID. The entry information 
portion 1001g includes items such as a registration 
number, a name, an email address, a FAX number, an 
SMB/FTP name and a user list 1006a. The entry infor- 
mation portion 1001h includes items such as a pass- 
word, an SMB/FTP password, and a user list 1 006b. The 
entry information portion 1 001 d includes items such as 
a user name, use restriction information, charge data 
and a user list 1 006c. 

[0124] The user list 1006a includes users having ma- 
nipulation authority on the entry information portion 
1001g. A user registered in the user list 1006a can per- 
form manipulations on the entry information portion 
1 001 g depending on the manipulation authority on the 
entry information portion 1001g. Also, the user list 
1006b includes users having manipulation authority on 
the entry information portion 1001h. A user registered 
in the user list 1006b can perform manipulations on the 
entry information portion 1001 h depending on the ma- 
nipulation authority on the entry information portion 
1001h. 

[0125] The user list 1 006c includes users having ma- 
nipulation authority on the entry information portion 
1001L A user registered in the user list 1006c can per- 
form manipulations on the entry information portion 
1001 i depending on the manipulation authority on the 
entry information portion 1 001 i. Among users registered 
in the user lists 1 006a through 1 006c, a user having the 
full control authority has setting authority on the user 
lists 1 006a through 1 006c. in other words, the user hav- 
ing the full control authority has the owner authority. 
[0126] In the entry information element 1001 shown 
in FIG. 37, users having the owner authority and users 
having manipulation authority are set for the individual 
entry information portions 1 001 g through 1001 i. In other 
words, in the entry information element 1 001 , an access 
rule to restrict user's manipulation on the entry informa- 
tion element 1 001 can be defined for each portion (each 
of the entry information portions 1 001 g through 1 001 i in 
FIG. 37) classified based on item types of the entry in- 
formation element 1 001 . A method of setting owner au- 
thority for a user by using the policy as shown in FIG. 



36 can be applied to an entry information element 1001 
other than the above-mentioned entry information ele- 
ment 1001 shown in FIG. 6. 

[0127] If the policy shown in FIG. 36 is used, the view- 
ing authority, the editing authority, the editing/deleting 
authority or the full control authority can be set via a 
screen 1800 as shown in FIG. 38 for a user, a group 
composed of one or more users, or all users. FIG. 38 
shows an exemplary screen to set the viewing authority, 
o the editing authority, the deleting authority and the full 
control authority according to the first embodiment. 
[0128] FIG. 39 through FIG. 43 show a series of ex- 
emplary screens displayed on the operation panel 1 080. 
Now, it is supposed that the multifunctional product 1010 
5 uses the above-mentioned screens 1100 through 1120 
to authenticate a user and determines that the logging- 
in user is a user administrator. The multifunctional prod- 
uct 1010 moves to a screen 1900, as shown in FIG. 39, 
via the above-mentioned screens 1130 through 1150. 
?0 When the user administrator pushes a "REGISTER/ 
CHANGE/DELETE ADDRESS BOOK" button 1901 in 
the screen 1900, the multifunctional product 1010 dis- 
plays a screen 1910 on the operation panel 1080. 
[0129] When the user administrator pushes a "NEW 
25 REGISTRATION" button 1911 in the screen 1910, the 
multifunctional product 1 01 0 displays a screen 1920 for 
registering/changing an address book on the operation 
panel 1080. The user administrator can use the screen 

1920 to register a name and a registration number of a 
30 user to be newly registered. When the user administra- 
tor pushes a "CERTIFICATION PROTECTION" button 

1921 in the screen 1920, the multifunctional product 
1010 displays a screen 1930 for registering/changing 
certification protection information on the operation pan- 

35 el 1 080. 

[0130] When the user administrator pushes a "REG- 
ISTER/CHANG E/DELETE" button 1931 in the screen 
1930, the multifunctional product 1010 displays a 
screen 1940, as shown in FIG. 40, for setting viewing 

40 authority, editing authority, editing/deleting authority or 
full control authority for a user, a group composed of one 
or more users or all users on the operation pane! 1080. 
In the screen 1940, a button to represent a registered 
user, a registered group or all users and a button to rep- 

45 resent the viewing authority, the editing authority, the ed- 
iting/deleting authority or the full control authority set for 
the registered user, the registered group or all users are 
displayed. 

[0131] When the user administrator pushes a button 
so 1941 representing the user "Hanako Yamada" in the 
screen 1940, the multifunctional product 1010 displays 
a screen 1950 for setting the viewing authority, the ed- 
iting authority, the editing/deleting authority or the full 
control authority of the user "Hanako Yamada" on the 
55 operation panel 1 080. In the illustrated screen 1 950, the 
editing authority set for the user "Hanako Yamada" is 
highlighted. When the user administrator pushes a but- 
ton 1951 to represent the full control authority in the 
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screen 1950, the multifunctional product 1010 displays 
a screen 1960 having a highlighted button 1961 repre- 
senting the full control authority of the user "Hanako Ya- 
mada" on the operation panel 1080. In other words, the 
user "Hanako Yamada" is provided with the owner au- 
thority. 

[0132] Next, a series of exemplary screens to newly 
register a user in the user lists 1 006a through 1 006c and 
set the viewing authority, the editing authority, the edit- 
ing/deleting authority or the full control authority for the 
user are described. When the user administrator pushes 
a "NEW REGISTRATION" button 1971 in a screen 1970 
as shown in FIG. 41, the multifunctional product 1010 
displays a screen 1980 on the operation panel 1080. 
When the user administrator pushes a button 1 981 rep- 
resenting a user "Souzi Okita" in the screen 1980, the 
multifunctional product 1010 displays a screen 1990 
having a highlighted button 1 981 on the operation panel 
1080. 

[0133] When the user administrator pushes a 
"CLOSE" button 1991 in the screen 1990, the multifunc- 
tional product 1010 displays a screen 2000 for setting 
the viewing authority, the editing authority, the editing/ 
deleting authority or the full control authority for a user, 
a group composed of one or more users or all users on 
the operation panel 1080. In the screen 2000, a button 
2001 representing the user "Souzi Okita" and a button 
representing the viewing authority provided to the user 
"Souzi Okita" are displayed. Also, buttons representing 
the editing authority, the editing/deleting authority and 
the full control authority are displayed in thinner color. 
[0134] Next, a series of exemplary screens to newly 
register all users in the user lists 1006a through 1006c 
and set the viewing authority, the editing authority, the 
editing/deleting authority or the full control authority for 
all the users are described. 

[0135] When the user administrator pushes a "NEW 
REGISTRATION" button 2101 in a screen 2100 as 
shown in FIG. 42, the multifunctional product 1010 dis- 
plays a screen 2200 on the operation panel 1 080. When 
the user administrator pushes a button 2201 represent- 
ing all users in the screen 2200, the multifunctional prod- 
uct 1010 displays a screen 2300 having a highlighted 
button 2201 on the operation panel 1080. 
[0136] When the user administrator pushes a 
"CLOSE" button 2301 in the screen 2300, the multifunc- 
tional product 1010 displays a screen 2400 for setting 
the viewing authority, the editing authority, the editing/ 
deleting authority or the full control authority for all the 
users on the operation panel 1080. In the screen 2400, 
a button 2401 representing all the users and a button 
representing the viewing authority set for all the users 
are displayed. The other buttons representing the edit- 
ing authority, the editing/deleting authority and the full 
control authority are displayed in thinner color. 
[01 37] When the user administrator pushes the button 
2401 representing all the users in the screen 2400, the 
multifunctional product 1 010 displays a screen 2500, as 



shown in FIG. 43, for setting the viewing authority, the 
editing authority, the editing/deleting authority or the full 
control authority for all the users on the operation panel 
1080. Here, the viewing authority set for all the users is 

5 highlighted in the screen 2500. When the user adminis- 
trator pushes a button representing the editing authority 
in the screen 2500, the multifunctional product 1 01 0 dis- 
plays a screen 2600 on the operation pane! 1080 in a 
status where the button representing the editing author- 
to ity for ail the users is highlighted. Since the editing au- 
thority is set for all the users in the screen 2600, the 
viewing authority of the group "Product Planning" be- 
comes insignificant and is thinner colored. 
[01 38] Here, the screen 1 930 is an exemplary screen 

15 for a user having the owner authority. An exemplary 
screen for a user having no owner authority is illustrated 
in FIG. 44. FIG. 44 shows an exemplary screen for reg- 
istering/changing certification protection information. In 
a screen shown in FIG. 44, the "REGISTER/CHANGE/ 

20 DELETE" button 1 931 is not included, and it is impossi- 
ble to move to a screen for setting the viewing authority, 
the editing authority, the editing/deleting authority or the 
full control authority for a user, a group composed of one 
or more users or all users. 

25 [0139] The above-mentioned entry information ele- 
ment 1001 uses access rules as illustrated in FIG. 45, 
for example. FIG. 45 shows an exemplary access rule 
to an entry information element according to the varia- 
tion of the first embodiment. In the access rules shown 

30 in FIG. 45, viewing authority "R" and editing authority 
"W" over a portion of general data can be changed de- 
pending on setting. On the other hand, access rules to 
personal data or management data are fixed. 
[01 40] By applying an access control list (ACL) to per- 

35 sonal data or management data, the viewing authority 
"R" and the editing authority "W" to the personal data or 
the management data may be changeable. In this case, 
the viewing authority "R" and the editing authority "W" 
to the personal data or the management data may be 

40 changed as illustrated in FIG. 46 depending on validity 
of a user administrator. 

[0141] FIGS. 46A and 46B show exemplary manipu- 
lation authority on the personal data or the management 
data depending on validity of a user administrator. FIG. 

45 46A show a case where a user administrator is valid, 
and the manipulation authority on the personal data or 
the management data is provided to a user administra- 
tor. On the other hand, FIG. 46B shows a case where a 
user administrator is not valid, and the manipulation au- 

50 thority on the personal data or the management data is 
provided to all users. 

[0142] A description is given, with reference to FIG. 
47 through FIG. 75, of a multifunctional product accord- 
ing to a second embodiment of the present invention. 
55 [0143] FIG. 47 shows an exemplary functional struc- 
ture of a multifunctional product according to the second 
embodiment. 

[0144] Referring to FIG. 45, a multifunctional product 
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3001 includes hardware resources 3010, an activation 
part 3020 and a software set 3030. The hardware re- 
sources include a plotter 301 1 , a scanner 301 2 and oth- 
er hardware resources 3013 such as a facsimile. The 
software set 3030 includes an application set 3040 and 
a platform 3050 that are executed on an operating sys- 
tem (OS) such as UNIX (registered trademark). When 
the multifunctional product 3001 is powered ON, the ac- 
tivation part 3020 starts the application set 3040 and the 
platform 3050 in OS. 

[0145] The application set 3040 includes various ap- 
plications such as a printer application 3041, a copier 
application 3042, a FAX application 3043, a scanner ap- 
plication 3044 and a WEB service shared function 
(WSF) 3045. On the other hand : the platform 3050 in- 
cludes a control service 3051 , a system resource man- 
ager (SRM) 3052 and a handler layer 3053. 
[0146] The control service 3051 includes one or more 
service modules such as a network control service 
(NCS) 3061 , a delivery control service (DCS) 3062, an 
operation panel control service (OCS) 3063, a FAX con- 
trol service (FCS) 3064, an engine control service (ECS) 
3065, a memory control service (MCS) 3066, a user in- 
formation control service (UCS) 3067, a certification 
control service (CCS) 3068 and a system control service 
(SCS) 3069. The platform 3050 is configured to have an 
application program interface (API) 3054. 
[01 47] CCS 3068 provides certification services to the 
applications 3040. Also, CCS 3068 includes one or 
more certification modules 3070 and charge modules 
3071 (which are represented as "CERTIFICATION M H 
and "CHARGE M", respectively, in FIG. 47). 
[01 48] The handler layer 3053 includes a FAX control 
unit handler (FCUH) 3081 and an image memory han- 
dler (IMH) 3082. SRM 3052 and FCUH 3081 use an en- 
gine l/F 3055 to request processes for the hardware re- 
sources 3010. Details of the multifunctional product 
3001 shown in FIG. 47 are disclosed, for example, in 
Japanese Laid-Open Patent Application No. 
2002-084383. Next, an exemplary hardware configura- 
tion of the multifunctional product 3001 according to the 
present invention is described. 

[0149] FIG. 48 shows an exemplary hardware config- 
uration of a multifunctional product according to the sec- 
ond embodiment. The multifunctional product 3001 
shown in FIG. 48 includes a controller 3100, an opera- 
tion panel 3120, FCU 3121 and an engine part 3122. 
[0150] The controller 31 00 includes CPU 31 01 , a sys- 
tem memory 3102, NB 3103, SB 3104, an accelerated 
graphics port (AGP) 3105, ASIC 3106, a local memory 
3107, HDD 3108, NIC 3109, a USB device 3110, an 
IEEE1394 device 3111 . a Centronics 3112, a SD card 
reader 3113 and an IC card reader 3114. Details of the 
multifunctional product 3001 shown in FIG. 48 are dis- 
closed, for example, in Japanese Laid-Open Patent Ap- 
plication No. 2002-084383. 

[0151] In the following, a certification function control 
method implemented by the multifunctional product 



3001 is described with reference to drawings. FIG. 49 
is a diagram for explaining an exemplary certification 
function control method according to the present inven- 
tion. In FIG. 49, components of the multifunctional prod- 
5 uct 3001 unnecessary for the explanation are omitted. 
[0152] The multifunctional product 3001 is connected 
to one or more computers 321 0 via a network 3220 such 
as Ethernet (registered trademark). A user uses a com- 
puter 3210 to operate the multifunctional product 3001 
10 remotely. Also, the multifunctional product 3001 is con- 
nected to a certification device and a charge device via 
a device driver 3200. In addition, the multifunctional 
product 3001 is connected to the SD card reader 3113 
via the device driver 3200. 
15 [0153] The IC card reader 3114, a keycard 3206 and 
a coin rack 3207 are embodiments of the certification 
device and the charge device. Here, the IC card reader 
3114 has a structure such that the IC card 3205 can be 
inserted and removed. One or more certification mod- 
20 uies 3070 and charge modules 3071 of CCS 3068 cor- 
respond to the certification device and the charge de- 
vice, respectively, connected to the multifunctional prod- 
uct 3001 . 

[01 54] The SD card reader 31 1 3 has a structure such 
25 that the SD card 3204 can be inserted and removed. 
CCS 3068 includes a certification module 3070 and a 
charge module 3071 added from the SD card 3204. It is 
noted that one or more certification modules 3070 and 
charge modules 3071 of CCS 3068 may include one or 
30 more certification modules and charge modules therein. 
[0155] SCS 3069 manages the certification device 
and the charge device connected via the device driver 
3200 and the certification module and the charge mod- 
ule 3071 of CCS 3068 with reference to a certification 
35 and charge setting table 3201 as shown in FIG. 50. FIG. 
50 shows an exemplary certification and charge setting 
table according to the second embodiment. 
[01 56] The certif ication and charge setting table 3201 
includes applications, certification means and charge 
40 means as data items. The certification means corre- 
sponds to the certification module 3070. The charge 
means corresponds to the charge module 3071 . Thus, 
in the certification and charge setting table 3201 , a cer- 
tification module 3070 and a charge module 3071 can 
45 be set for each application. 

[0157] For example, in the certification and charge 
setting table 3201 shown in FIG. 50, a certification mod- 
ule A is set as certification means of the copier applica- 
tion 3042, and a charge module I is set as charge means 
so of the copier application 3042. Also, in the certification 
and charge setting table 3201 shown in FIG. 50, a cer- 
tification module B or (+) C is set as certification means 
of the FAX application 3043, and a charge module III is 
set as charge means of the FAX application 3043. In 
55 addition, in the certification and charge setting table 
3201 , certification modules A and (*) C are set as certi- 
fication means of the scanner application 3044, and a 
charge module II is set as charge means of the scanner 
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application 3044. 

[0158] In this manner, in the certification and charge 
setting table 3201, conjunction (AND) and disjunction 
(OR) of a plurality of certification modules 3070 can be 
set as certification means. Here, although not illustrated 
in the certification and charge setting table 3201 in FIG. 
50, conjunction (AND) or disjunction (OR) of a plurality 
of charge modules 3071 can be set as charge means. . 
[01 59] MCS 3066 manages a stored document data- 
base (DB) 3203. UCS 3067 manages an address book 
table 3202. The address book table 3202 has an entry 
information element on a single user as illustrated in 
FIG. 51 . FIG. 51 shows an exemplary data structure of 
an entry information element of the multifunctional prod- 
uct 3001 according to the second embodiment. 
[0160] An entry information element 3230 represents 
information on a user of the multifunctional product 
3001 . The entry information 3230 is classified into entry 
information portions 3230a through 3230d. The entry in- 
formation portion 3230a includes a serial number and 
an owner ID as items. The entry information portion 
3230b includes items such as a registration number, a 
name, an email address, a FAX number, an SMB/FTP 
name, and a user list 3231 a. The entry information por- 
tion 3230c includes items such as a password, an SMB/ 
FTP password and a user list 3231 b. The entry informa- 
tion portion 3230d includes items such as a user name, 
user restriction information, charge data and a user list 
2231c. 

[0161] In the user list 3231 a, a user having manipula- 
tion authority on the entry information portion 3230b is 
registered. In the user list 3231b, a user having manip- 
ulation authority on the entry information portion 3230c 
is registered. In the user list 3231c, a user having ma- 
nipulation authority on the entry information portion 
3230d is registered. 

[01 62] in the user lists 3231 a through 3231 c, viewing 
authority "R", editing authority "W", deleting authority 
"D" and owner authority "O" are set as the manipulation 
authority on the entry information portions 3230b 
through 3230d. 

[0163] Also, in the use restriction information in the 
entry information 3230, for example, permission or de- 
nial of monochrome copying : permission of two-color 
copying, permission of full-color copying, permission of 
monochrome printing, permission of single-color print: 
ing, permission of two-color printing, permission of full- 
color printing, permission of FAX transmission, permis- 
sion of scanner reading, permission of document box 
printing, permission of network access and permission 
of other operations are set. 

[01 64] Next, an exemplary procedure of adding a cer- 
tification module 3070 and a charge module 3071 from 
the SD card 3204 is described. For example, when re- 
ceiving a request to display a user certification manage- 
ment screen for registering a certification module 3070 
and a charge module 3071 from a user, the multifunc- 
tional product 3001 displays a user certification man- 



agement screen 3250 or 3260 on the operation panel 
3120. FIG. 52 shows an exemplary user certification 
management screen according to the second embodi- 
ment. 

5 [0165] The user certification management screen 
3250 corresponds to a case where the certification mod- 
ule 3070 and the charge module 3071 are not included 
in the SD card 3204. Thus, the user certification and 
management screen 3250 is displayed in a status where 

10 a (thinner colored) "ADDITIONAL CERTIFICATION" 
button 3251 to use the certification module 3070 and the 
charge module 3071 added from the SD card 3204 can- 
not be selected. 

[0166] On the other hand, the user certification man- 

15 agement screen 3260 corresponds to a case where the 
certification module 3070 and the charge module 3071 
are included in the SD card 2204. When CCS 3068 de- 
tects a certification module 3070 and a charge module 
3071 from a directory (for example, root/ccs/option) of 

20 the SD card 3204 at activation time, CCS 3068 adds the 
certification module 3070 and the charge module 3071 
from the SD card 3204. Thus, the user certification and 
management screen 3260 is displayed in a status where 
an "ADDITIONAL CERTIFICATION" button 3261 to use 

25 the certification module 3070 and the charge module 
3071 added from the SD card 2204 can be selected. 
[0167] When a user selects the "ADDITIONAL CER- 
TIFICATION" button 3261, a certification manner and a 
charge manner corresponding to the added certification 

30 module 3070 and the charge module 307 1 , respectively, 
from the SD card 3204 are displayed in the user certifi- 
cation management screen 3260. For example, IC card 
certification and fingerprint certification manners are 
displayed as embodiments of the certification manners 

35 in the user certification management screen 3260 in 
FIG. 52. In the user certification management screen 
3260, a certification device and a charge device corre- 
sponding to the certification module 3070 and the 
charge module 3071 added from the SD card 3204 may 

40 be displayed. A user can use the user certification man- 
agement screen 3260 to select a certification manner 
and a charge manner. 

[0168] When the user pushes a "NEXT" button 3262, 
a user certification management screen 3270 is dis- 

45 played in the operation panel 3120. In the user certifi- 
cation management screen 3270, various functions 
(management contents) to select a certification manner 
and a charge manner are displayed. The user can use 
the user certification management screen 3270 to select 

so functions to designate a certification manner and a 
charge manner. 

[0169] Next, an exemplary procedure of creating a 
certification and charge setting table 3201 shown in FIG. 
50 is described. For example, after the multifunctional 
55 product 3001 starts the application set 3040 and the 
platform 3050, a copying screen 3300 as illustrated in 
FIG. 53 is displayed in the operation panel 3120. 
[01 70] FIG. 53 and FIG. 54 show a series of exempla- 
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ry screens displayed in the operation panel 3120. When 
a user pushes an "INITIAL SETTING" button 3301 in the 
screen 3300, the multifunctional product 3001 displays 
an initial setting screen 3310 on the operation panel 
3120. When the user a "SYSTEM INITIAL SETTING" 
button 3311 in thescreen 331 0, the multifunctional prod- 
uct 3001 displays an initial system setting screen 3320 
on the operation panel 3120. 

[0171] When the user pushes an "ADMINISTRATOR 
SETTING" button 3321 in the screen 3320, the multi- 
functional product 3001 displays an administrator set- 
ting screen 3330 as illustrated in FIG. 54 on the opera- 
tion panel 3120. The user can use screens 3340, 3350 
and 3360, to which the user can move from the screen 
3330, to create a certification and charge setting table 
3201. 

[0172] When the user pushes a "MANAGE USER 
CODE" button 3331 in the screen 3330, the multifunc- 
tional product 3001 displays a screen 3340 for setting 
user code management as certification means and 
charge means of the applications 3040 on the operation 
panel 3120. When the user pushes a "MANAGE KEY 
COUNTER" button 3332 in the screen 3330, the multi- 
functional product 3001 displays a screen 3350 for set- 
ting key counter management as certification means 
and charge means of the applications 3040 on the op- 
eration panel 3120. When the user pushes a "MANAGE 
EXTERNAL CHARGE DEVICE" button 3333 in the 
screen 3330, the multifunctional product 3001 displays 
a screen 3360 for setting external charge device man- 
agement as certification means and charge means of 
the applications 3040 on the operation panel 3120. 
[0173] If the user uses the screens 3340, 3350 and 
3360 to select a plurality of certification means and 
charge means for one of the applications 3040, conjunc- 
tion (AND) and disjunction (OR) can be set in the certi- 
fication and charge setting table 3201 shown in FIG. 50. 
[0174] In the above, the series of screens correspond- 
ing to the procedure of creating the certification and 
charge setting table 3201 displayed on the operation 
panel 3120 have been described. The screens 3300 
through 3360 are displayed on the operation panel 31 20 
by OCS 3063. Here, SCS 3069 requests OCS 3063 to 
display the screens 3300 through 3360. 
[0175] When one of the application set 3040, for 
which certification means and charge means are set in 
the certification and charge setting table 3201 , is driven, 
a certification screen as described in detail below is dis- 
played on the operation panel 31 20. In the following, an 
example of starting the copier application 3042 is de- 
scribed. 

[0176] FIG. 55 shows an exemplary certification 
screen corresponding to a case where management via 
user codes is set as certification means and charge 
means of the copy application 3042. A certification 
screen 3400 shown in FIG. 55 includes an input space 
3401 for inputting a user code and a message to prompt 
a user to input a user code. When the user inputs a user 



code in the input space 3401 and pushes "# w button 
3402, the multifunctional product 3001 displays a cop- 
ying screen 3300 on the operation panel 3120. 
[0177] FIG. 56 shows an exemplary certification 
5 screen corresponding to a case where management via 
a coin rack is set as certification means and charge 
means of the copier application. A certification screen 
3410 shown in FIG. 56 includes a message to prompt 
the user to supply money in the coin rack 3207. When 
10 the user supplies a specified mount of money in the coin 
rack 3207, the multifunctional product 3001 performs 
certification as described below. If the certification is 
successfully completed, the copying screen 3300 is dis- 
played on the operation panel 31 20 of the multifunction- 
15 al product 3001 . 

[0178] FIG. 57 shows an exemplary certification 
screen corresponding to a case where management us- 
ing a plurality of means is set as certification means and 
charge means of the copier application. Screens 3420 
20 and 3430 include buttons to select a key counter, a key- 
card, a user code, user certification, an IC card 3205 
and fingerprint certification, provided in the certification 
and charge setting table 3201 as certification means 
and charge means of the copier application. 
25 [0179] Here, when the user pushes a button 3421 dur- 
ing displaying of the screen 3420 on the operation panel 
3120, the multifunctional product 3001 displays a 
screen 3430 on the operation panel 3120. On the other 
hand, when the user pushes a button 3431 during dis- 
30 playing of the screen 3430 on the operation panel 31 20, 
the multifunctional product 3001 displays a screen 3420 
on the operation panel 3120. 

[0180] For example, when the user pushes a button 
to select a user code in the screen 3420, a certification 
35 screen 3440 corresponding to a case where manage- 
ment via a user code is set is displayed on the operation 
panel 3120 of the multifunctional product 3001. Also, 
when the user pushes a button to select a key counter 
in the screen 3420, a certification screen 3450 corre- 
40 sponding to a case where management via a key coun- 
ter is set is displayed on the operation panel 3120 of the 
multifunctional product 3001 . 

[01 81 ] When the certification is successfully complet- 
ed as described above, the copying screen 3300 is dis- 
45 played on the operation panel 3120 of the multifunction- 
al product 3001 . In the certification screen shown in FIG . 
57, if certification corresponding to one of a plurality of 
means registered in the certification and charge setting 
table 3201 as certification means and charge means is 
so successfully completed, the copying screen 3300 is dis- 
played on the operation panel 3120. In this case, dis- 
junction (OR) of the plurality of certification modules 
3070 is set as certification means in the certification and 
charge setting table 3201 . 
55 [0182] FIG. 58 shows an exemplary certification 
screen corresponding to a case where management us- 
ing a plurality of means is set as certification means and 
charge means of the copier application. Screens 3460 
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and 3470 include buttons to select a user code, a key 
counter, a keycard and fingerprint certification provided 
in the certification and charge setting table 3201 as cer- 
tification means and charge means of the copier appli- 
cation. 

[0183] In the screens 3460 and 3470, if certification 
of the user is not successfully completed by using a user 
code and one of a key counter a keycard and fingerprint 
certification, the copying screen 3300 cannot be dis- 
played on the operation panel 3120. 
[0184] Here : when the user pushes a button 3461 dur- 
ing displaying of the screen 3460 on the operation panel 
3120, the multifunctional product 3001 displays the 
screen 3470 on the operation panel 3120. On the other 
hand, when the user pushes a button 3471 during dis- 
playing of the screen 3470 on the operation panel 3120, 
the multifunctional product 3001 displays the screen 
3460 on the operation panel 3120. 
[0185] For example, when the user pushes a button 
to select a keycard in the screen 3460, a certification 
screen (not illustrated) corresponding to a case where 
management via the keycard is set is displayed on the 
operation panel 3120 of the multifunctional product 
3001 . If the certification via the keycard is successfully 
completed, a screen 3480 having a button to select a 
user code or a key counter is displayed on the operation 
panel 3120 of the multifunctional product 3001 . 
[01 86] When the user pushes a button to select a user 
code in the screen 3480, a certification screen 3500 cor- 
responding to a case where management via the user 
code is set is displayed on the operation panel 3120 of 
the multifunctional product 3001 . If the certification us- 
ing the user code is successfully completed, the copying 
screen 3300 is displayed on the operation panel 3120 
of the multifunctional product 3001 . 
[0187] Also, when the user pushes a button to select 
a user code in the screen 3460, a certification screen 
(not illustrated) corresponding to a case where manage- 
ment via the user code is set is displayed on the oper- 
ation panel 3120 of the multifunctional product 3001 . If 
the certification using the user code is successfully com- 
pleted, a screen 3490 having a button to select a key 
counter or a keycard is displayed on the operation panel 
3120 of the multifunctional product 3001 . 
[0188] When the user pushes the button to select a 
key counter or a keycard in the screen 3490, a certifica- 
tion screen (not illustrated) corresponding to a case 
where management via the key counter or the keycard 
is set is displayed on the operation panel 3120 of the 
multifunctional product 3001 . If the certification using 
the key counter or the keycard is successfully complet- 
ed, the copying screen 3300 is displayed on the opera- 
tion panel 3120 of the multifunctional product 3001. 
[0189] As mentioned above, if the certification using 
a user code and one of a key counter, a keycard and 
fingerprint certification is successfully completed, the 
copying screen 3300 is displayed on the operation panel 
3120 of the multifunctional product 3001 . In the certifi- 
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cation screen shown in FIG. 58, if the certification using 
a predefined combination of a plurality of means regis- 
tered in the certification and charge setting table 3201 
as certification means and charge means is successfully 
5 completed, the copying screen 3300 is displayed on the 
operation panel 3120. In this case, conjunction (AND) 
of the plurality of certification modules 3070 is set as 
certification means in the certification and charge setting 
table 3201 . 

10 [01 90] Next, an exemplary operation of the multifunc- 
tional product 3001 to which a certification module 3070 
and a charge module 3071 are added depending on ad- 
dition of certification means and charge means, focused 
on an operation of the certification module 3070 and the 

15 charge module 3071 , is described. 

[0191] FIG. 59 is a sequence diagram of an exempla- 
ry operation of a certification module and a charge mod- 
ule according to the second embodiment. For example, 
when the application set 3040 and the platform 3050 are 

20 activated, the certification module 3070 and the charge 
module 3071 of the multifunctional product 3001 pro- 
ceed to step S3001 . In FIG. 59, the certification module 
3070 and the charge module 3071 are represented as 
"CCM-A" and "CCM-B", respectively. 

25 [0192] At step S3001 , CCM-A registers the certifica- 
tion module 3070 orthe charge module 3071 (hereinaf- 
ter which are collectively referred to as certification 
charge modules) in CCS 3068. At step S3002, CCM-A 
registers the type of certification means or charge 

30 means corresponding to the certification charge mod- 
ules (for example, coin rack 3207) as the type of certifi- 
cation and charge devices in CCS 3068. At step S3003, 
CCM-A reports the status of the certification charge 
modules to CCS 3068. 

35 [0193] At step S3004, CCM-B registers certification 
charge modules in CCS 3068. At step S3005, CCM-B 
registers the type of certification means and charge 
means corresponding to the certification charge mod- 
ules as the type of certification and charge devices in 

40 CCS 3068. At step S3006, CCM-B reports the status of 
the certification charge modules to CCS 3068. The op- 
eration of steps S3001 through S3003 and steps S3004 
through S3006 is performed on all certification modules 
3070 and charge modules 3071 of CCS 3068. 

45 [01 94] At step S3007, the copier application 3042 per- 
forms application registration on SCS 3069. At step 
S3008, SCS 3069 sends to the copier application 3042 
a system setting report indicating that use restriction is 
provided with the copier application 3042. If the copier 

50 application 3042 has use restriction based on the sys- 
tem setting report at step S3008, the copier application 
3042 performs certification registration on CCS 3068 at 
step S3009. At step S3010, CCS 3068 requests SCS 
3069 to acquire the certification and charge setting table 

55 3201 . At step S3011 , SCS 3069 supplies the certifica- 
tion and charge setting table 3201 to CCS 3068. 
[0195] At step S301 2, CCS 3068 identifies a certifica- 
tion charge module set as certification means or charge 
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means of the copier application 3042 with reference to 
the certification and charge setting table 3201 , and sup- 
plies contents thereof as a certification setting report to 
the copier application 3042. For example, in the certifi- 
cation and charge setting table 3201 shown in FIG. 50, 
CCS 3068 identifies the certification means A and the 
charge means I set as the certification means and the 
charge means of the copier application 3042, and sup- 
plies the contents thereof as a certification setting report 
to the copier application 3042. 

[0196] At step S301 3, CCS 3068 reports the certifica- 
tion status to the copier application 3042. Through the 
certification status report, the certification status (for ex- 
ample, the status where the use is restricted) of the cer- 
tification charge module identified at step S3012 is re- 
ported. 

[0197] For example, if the copying screen 3300 is dis- 
played on the operation panel 3120, the copier applica- 
tion 3042 requests CCS 3068 to display a certification 
screen. At step S3015, CCS 3068 issues a certification 
screen display report corresponding to the certification 
means of the copier application 3042. For example, 
CCS 3068 issues a certification screen display report 
corresponding to the certification means A set as the 
certification means of the copier application 3042. 
[0198] At step S3016, SCS 3069 issues an operation 
part owner transition request to the copier application 
3042. At step S301 7 : the copier application 3042 issues 
an operation part owner transition response to SCS 
3069. Through the operation of steps S301 6 and S301 7, 
an owner of the operation part of the multifunctional 
product 3001 is switched into the copier application 
3042. 

[01 99] At step S301 8, SCS 3069 issues a certification 
screen display preparing request to CCS 3068. At step 
S3019, CCS 3068 issues a certification charge module 
screen preparing request to the certification means of 
the copier application 3042. For example, CCS 3068 is- 
sues the certification charge module screen preparing 
request to CCM-A set as the certification means of the 
copier application 3042. 

[0200] At step S3020, CCM-A set as the certification 
means of the copier application 3042 creates a screen 
for the certification charge module screen such as 
screens 3400 and 341 0. At step S3021 , CCM-A informs 
CCS 3068 that the certification charge module screen 
has been prepared. 

[0201] At step S3022, CCS 3068 informs SCS 3069 
that the displaying of the certification screen has been 
prepared. At step S3023, SCS 3069 displays the certi- 
fication charge module screen on the operation panel 
3120 by requesting OCS 3063 to display the certification 
charge module screen created at step S3020. 
[0202] In the multifunctional product 3001 , the certifi- 
cation module 3070 or the charge module 3071 manag- 
es the certification charge module screen, and SCS 
3069 manages a screen to select the certification 
charge module screen (for example, the screens 3420 



and 3430). 

[0203] According to the sequence diagram shown in 
FIG. 59, the certification module 3070 creates the cer- 
tification charge module screen displayed on the oper- 

5 ation panel 3120. As a result, programs of SCS 3069 do 
not have to be modified in response to addition of the 
certification charge module. Also, the certification 
charge module performs registration on CCS 3068 as 
at steps S3001 through S3006 in the sequence diagram 

10 shown in FIG. 59. As a result, it is unnecessary to modify 
the programs of SCS 3069 in response to the addition 
of the certification charge module. In this manner, the 
multifunctional product 3001 according to the second 
embodiment makes it easier to add a new certification 

15 function and a new charge function. 

[0204] Next, an exemplary operation to cancel use re- 
striction of the application set 3040 via certification 
screens is described. FIG. 60 is a sequence diagram of 
a first exemplary user restriction cancel operation of a 

20 multifunctional product according to the second embod- 
iment. In the sequence diagram shown in FIG. 60, steps 
S3001 through S3013 in FIG. 59 prior to step S3031 are 
omitted. 

[0205] At step S3031 , the copier application 3042 re- 
25 quests CCS 3068 to display a certification screen. At 
step S3032, CCS 3068 causes the certification module 
3070 to create a certification screen corresponding to 
certification means of the copier application 3042. At 
step S3033, CCS 3068 issues a use restriction screen 
30 report. At step S3034, SCS 3069 displays the certifica- 
tion screen on the operation panel 3120 by requesting 
OCS 3063 to display the certification screen created at 
step S3032. 

[0206] In the following, an example of setting usercer- 
35 tification as the certification means of the copier appli- 
cation 3042 is described. In response to the screen dis- 
playing request at step S3034, a certification screen for 
user certification is displayed on the operation panel 
3120. 

40 [0207] When a user inputs a user name and a pass- 
word in the certification screen for the purpose of the 
user certification, OCS 3063 reports a key event to SCS 
3069 at step S3035. At step S3036, SCS 3069 reports 
the key event to CCS 3068. 

45 [0208] At step S3037, CCS 3068 converts the report- 
ed key event into the user name and the password. At 
step S3038, CCS 3068 requests UCS 3067 to authen- 
ticate the user name and the password. At step S3039, 
UCS 3067 compares the user name and the password 

50 supplied from CCS 3068 with contents in an address 
book table 3202. 

[0209] At step S3040, UCS 3067 sends the certifica- 
tion result at step S3039 as a certification result re- 
sponse to CCS 3068. At step S3041 , CCS 3068 checks 
55 use restriction set in the certification and charge setting 
table 3201. 

[0210] In the following, an example of cancelling use 
restriction of the copier application 3042 based on the 
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check result at step S3041 is described. At step S3042, 
CCS 3068 informs the copier application 3042 that the 
use restriction is to be cancelled based on the certifica- 
tion status report. At step S3043, CCS 3068 supplies to 
the copier application 3042 a ticket representing that the 
user has been authenticated. 

[0211] This ticket includes an expiration date, acqui- 
sition date and time, an encryption key for encrypting 
the ticket, user information, .and a digest message (DM) 
of the whole ticket. The user information includes a user 
name, a password, an entry ID, use restriction informa- 
tion, and local/remote operation identification informa- 
tion, for example. 

[0212] The copier application 3042 having the ticket 
is allowed to use various services provided by individual 
processes. Also, the digest message of the whole ticket 
is used to detect falsification of the ticket. 
[0213] At step S3044, CCS 3068 supplies login user 
information to SCS 3069. The login information rather 
than the ticket is supplied to SCS 3069, because the 
certification is required again by items of system initial 
setting. 

[0214] When receiving the ticket, the copier applica- 
tion 3042 requests CCS 3068 to display a certification 
screen to delete a certification screen at step S3045. At 
step S3026, CCS 3068 requests SCS 3069 to display 
the certification screen to delete the certification screen. 
[0215] At step S3047, SCS 3069 displays the copying 
screen 3300 on the operation panel 3120 by requesting 
OCS 3063 to display the copying screen 3300. 
[0216] In other words, when the use restriction of the 
copier application 3042 is cancelled, the copying screen 
3300 can be displayed on the operation panel 31 20. As 
a result, the user can make use of function provided by 
the copier application 3042. 

[0217] FIG. 61 is a sequence diagram of a second ex- 
emplary use restriction cancel operation of a multifunc- 
tional product according to the second embodiment. In 
the sequence diagram in FIG. 61, steps S3001 through 
S3013 in FIG. 59 prior to step S3051 are omitted as in 
FIG. 60. Also, steps S3051 through S3057 are similar 
to steps S3031 through S3037 in FIG. 60, and the de- 
scription thereof is omitted. 

[0218] At step S3058 : CCS 3068 uses the user name 
converted at step S3057 to issue an entry ID acquisition 
request. At step S3059, UCS 3067 searches an address 
book table 3202 by using the user ID supplied from CCS 
3068 as key information, and reads an entry ID corre- 
sponding to the user ID. CCS 3068 acquires the entry 
ID read from the address book table 2202 from UCS 
3067. 

[0219] At step S3060, CCS 3068 uses the entry ID 
acquired from UCS 3067 to issue a password acquisi- 
tion request. At step S3061 , UCS 3067 searches the ad- 
dress book table 3202 by using the entry ID supplied 
from CCS 3068 as key information, and reads a pass- 
word corresponding to the entry ID. The read password 
is supplied from UCS 3067 to CCS 3068. 



[0220] At step S3062, CCS 3068 performs certifica- 
tion by comparing the password converted at step 
S3057 with the password supplied from UCS 3067. If 
the certification is successfully completed, CCS 3068 
5 uses the entry ID acquired from UCS 3067 to issue a 
restriction information acquisition request at step 
S3063. 

[0221] At step S3064, UCS 3067 searches the ad- 
dress book table 3202 by using the entry ID supplied 

10 from CCS 3068 as key information, and reads restriction 
information corresponding to the entry ID. 
[0222] At step S3065, UCS 3067 sends the restriction 
information read at step S3064 as a certification result 
response to CCS 3068. For example, based upon the 

15 certification result response at step S3065, the use re- 
striction of the copier application 3042 is cancelled. 
Here, steps S3066 through S3071 in FIG. 61 are similar 
to steps S3042 through S3047 in FIG. 60, and the de- 
scription thereof is omitted. 

20 [0223] In this manner, if the user restriction of the cop- 
ier application 3042 is cancelled, the copying screen 
3300 is displayed on the operation panel 3120. As a re- 
sult, the user can make use of functions provided by the 
copier application 3042. 

25 [0224] FIG. 62 is a sequence diagram of a third ex- 
emplary use restriction cancel operation of a multifunc- 
tional product according to the second embodiment. In 
the sequence diagram in FIG. 62, steps S3001 through 
S3013 prior to step S3081 are omitted as in FIG. 60. 

30 Also, steps S3081 through S3083 in FIG. 62 are similar 
to steps S3031 through S3033 in FIG. 60, and the de- 
scription thereof is omitted. 

[0225] At step S3084, SCS 3069 displays a certifica- 
tion screen on the operation panel 3120 by requesting 
35 OCS 3063 to display the certification screen created at 
step S3082. 

[0226] In the following, an example of using the IC 
card 3205 as the certification means of the copier appli- 
cation 3042 is described. In response to the screen dis- 

40 playing request at step S3084, a certification screen for 
IC card certification is displayed. When the user inserts 
the IC card 3205 in the card reader 3204, the card reader 
3204, which is an embodiment of an external certifica- 
tion device, performs certification by comparing infor- 

45 mation recorded in the IC card 3205 with information re- 
corded in an address book of the card reader 3204. 
[0227] At step S3086, the card reader 3204 sends the 
certification result at step S3085 as a certification status 
report to SCS 3069. At step S3087, SCS 3069 sends an 

50 external charge status report to CCS 3068 based on the 
certification status report received at step S3086. Here, 
steps S3088 through S3094 in FIG. 62 are similar to 
steps S3041 through S3047 in FIG. 60, and the descrip- 
tion thereof is omitted. 

55 [0228] In this manner, if the use restriction of the cop- 
ier application 3042 is cancelled, the copying screen is 
displayed on the operation panel 3120. As a result, the 
user can make use of functions provided by the copier 
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application 3042. 

[0229] FIG. 63 is a sequence diagram of a fourth ex- 
emplary use restriction cancel operation of a multifunc- 
tional product according to the second embodiment. In 
the sequence diagram in FIG. 63, steps S3001 through 5 
S3013 prior to step S3100 are omitted as in FIG. 60. 
Also, steps S3100 through S31 06 are similar to steps 
S3081 through S3087, and the description thereof is 
omitted. 

[0230] At step S31 07, CCS 3068 acquires information *< 
required to search the address book table 3202 from the 
external charge status report received from SCS 3069 
at step S3106. At step S3108, CCS 3068 requests UCS 
3067 to start the searching. 

[0231] At step S3109, UCS 3067 searches the ad- * 
dress book table 3202 by using information supplied to- 
gether with the search start request from CCS 3068 as 
key information, and reads user information corre- 
sponding to the information. UCS 3067 sends the read 
user information as a search completion notice to CCS * 
3068. 

[0232] At step S3111 : CCS 3068 checks use restric- 
tion set in the certification and charge setting table 3201 
based on the search completion notice received at step 
S31 1 0. Here, steps S31 1 2 through S31 1 7 in FIG. 63 are * 
similar to steps S30B9 through S3094 in FIG. 62, and 
the description thereof is omitted. 
[0233] In this manner if the use restriction of the cop- 
ier application 3042 is cancelled, the copying screen 
3300 is displayed on the operation panel 3120. As a re- 
sult, the user can make use of functions provided by the 
copier application 3042. 

[0234] Next, exemplary charge operations after the 
copying screen 3300 is displayed on the operation panel 
3120 of the multifunctional product 3001 are described. 
FIG. 64 is a sequence diagram of a first exemplary 
charge operation of a multifunctional product according 
to the second embodiment. 

[0235] At step S3120, OCS 3063 informs SCS 3069 
that a user has supplied a start key. At step S31 21 , SCS 
3069 informs the copy application 3042 that the start key 
has been pushed. In response to receipt of the notice, 
the copy application 3042 requests CCS 3068 to count 
charge for the application. 

[0236] At step S3123, the copier application 3042 is- 
sues a copying job start request together with a ticket to 
ECS 3065. At step S3124, ECS 3065 asks CCS 3068 
whether the job involved in a sheet size can be execut- 
ed. At step S3125, CCS 3068 asks SCS 3069 whether 
the job involved in the sheet size can be executed. 
[0237] At step S3126, SCS 3069 issues an executa- 
bility (permission or denial of job execution) request in- 
cluding the sheet size to an external charge certification 
device such as the coin rack 3307. At step S3127, the 
external charge certification device determines whether 
the job can be executed based on the sheet size and 
remaining deposit, and sends an executability response 
corresponding to the determination result to SCS 3069. 



[0238] At step S31 28, SCS 3069 sends the executa- 
bility response received at step S3127 to CCS 3068. At 
step S3129, based on the executability response re- 
ceived at step S3128, CCS 3068 sends a job executa- 
bility result notice to ECS 3065. 
[0239] If the job executability result notice indicates 
that the job can be executed, ECS 3065 reports process 
start to the engine part 3122 at step S3130. At step 
S3131 , CCS 3068 receives the status of a plotter proc- 
i ess from the engine part 3122. 

[0240] At step S31 32, based on the status of the plot- 
ter process received from SCS 3069, CCS 3068 re- 
quests SCS 3069 to count charge. At step S3133, SCS 
3069 issues a charge counting request to the external 
5 charge certification device set in the certification and 
charge setting table 3201 as the charge means of the 
copy application 3042. In other words, the charge count- 
ing operation is performed in the external charge certi- 
fication device. 
»o [0241] At step S3134, the plotter process status is 
supplied from the engine part 31 22 to CCS 3068 At step 
S3136, the plotter process status is supplied from the 
engine part 31 22 to ECS 3065. At step S231 5, a process 
end is supplied from the engine part 3 1 22 to ECS 3065. 
25 [0242] In response to receipt of the process end, ECS 
3065 informs the copier appl ication 3042 that the job has 
been executed at step S3137. At step S3138, the copy 
application 3042 requests CCS 3068 to stop counting 
the application charge. 
30 [0243] According to the charge operation in FIG. 64, 
even if copying charge is variable depending on sheet 
sizes, it is possible to execute a job by checking execut- 
ability of the job including a sheet size. Specifically, if 
the current deposit can cover the copying charge corre- 
35 sponding to the sheet size, the job is executed. 

[0244] FIG . 65 is a seq uence diagram of a second ex- 
emplary charge operation of a multifunctional product 
according to the second embodiment. In the sequence 
diagram in FIG. 65, steps S31 40 through S3144aresim- 
40 ilar to steps S3120 through S3124 in FIG. 64, and the 
description thereof is omitted. 

[0245] At step S31 45, CCS 3068 requests SCS 3069 
current remaining deposit. At step S3146, SCS reports 
the remaining deposit to CCS 3068. Based upon the re- 
45 ported remaining deposit, CCS 3068 determines wheth- 
er a job can be executed. 

[0246] At step S31 47, based on the determination re- 
sult, CCS 3068 reports the job executability result to 
ECS 3065. Here, steps S3148 through S3150 are sim- 
50 }|ar to steps S3130 through S3132 in FIG. 64, and the 
description thereof is omitted. 

[0247] At step S3151, in response to the charge 
counting request at step S3150, SCS 3069 counts 
charge. In other words, SCS 3069 rather than the exter- 
55 nal charge certification device performs the charge 
counting operation. Here, steps S3152 through S3156 
are similar to steps S3134 through S3138 in FIG. 64, 
and the description thereof is omitted. According to the 
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charge operation in FIG. 65, it is checked whether a job 
can be executed, and if current deposit sufficiently re- 
mains, the job is allowed to be executed. 
[0248] FIG. 66 is a sequence diagram of a third ex- 
emplary charge operation of a multifunctional product 
according to the second embodiment. In the sequence 
diagram in FIG. 66, steps S31 60 through S31 70 are sim- 
ilar to steps S3140 through S3150 in FIG. 65, and the 
description thereof is omitted. 

[0249] At step S3171 , SCS 3069 requests an external 
charge certification device, which is set in the certifica- 
tion and charge setting table 3201 as the charge means 
of the copy application 3042, to count charge. In other 
words, the charge counting operation is performed in the 
external charge certification device. 
[0250] At step S3172, based on current remaining de- 
posit reported by SCS 3069 at step S31 66, CCS 3068 
checks the remaining deposit. If the remaining deposit 
is 0, CCS 3068 requests ECS 3065 to stop the job at 
step S3173. At step S3174, in response to the job stop 
request, ECS 3065 instructs the engine part 3122 to 
cancel the process. Here : steps S3175 through S3179 
are similar to steps S3153 through S3156 in FIG. 65, 
and the description thereof is omitted. According to the 
charge operation in FIG. 66, CCS checks current re- 
maining deposit, and if the deposit is used up, CCS 3068 
can stop the job. 

[0251] FIG. 67 is a sequence diagram of a fourth ex- 
emplary charge operation of a multifunctional product 
according to the second embodiment. In the sequence 
diagram in FIG. 67. steps S31 80 through S31 93 are sim- 
ilar to steps S3120 through S3133 in FIG. 64, and the 
description thereof is omitted. 

[0252] At step S3194, if the remaining deposit is 0, the 
external charge certification device instructs the engine 
part 3122 to cancel the process. In other words, the ex- 
ternal charge certification device stops the process of 
the engine part 31 22. Here : steps S31 95 through S31 99 
are similar to steps S3134 through S3138 in FIG. 64, 
and the description thereof is omitted. According to the 
charge operation in FIG. 67, the external charge certifi- 
cation device checks current remaining deposit, and 
when the deposit is used up, the external charge certi- 
fication device can stop the job. 

[0253] FIG. 68 is a sequence diagram of a fifth exem- 
plary charge operation of a multifunctional product ac- 
cording to the second embodiment. In the sequence di- 
agram in FIG. 68, steps S3200 through S3211 are sim- 
ilar to steps S3140 through S3151 in FIG. 65, and the 
description thereof is omitted. 

[0254] AtstepS3212, if the current remaining deposit 
is 0, SCS 3069 instructs the engine part 3122 to cancel 
the process. In other words, SCS 3069 stops the proc- 
ess of the engine part 31 22. At step S321 3, the engine 
part 31 22 informs ECS 3065 that the process has been 
stopped. 

[0255] At step S3214, the engine part 3122 reports a 
plotter process status to CCS 3068. At step S321 5, the 



engine part 3122 reports the plotter process status to 
ECS 3065. Here, steps S321 6 and S321 7 are similar to 
steps S31 55 through S31 56 in FIG. 65, and the descrip- 
tion thereof is omitted. According to the charge opera- 
5 tion in FIG. 68, when the deposit is used up, SCS 3069 
can stop the job. 

[0256] Although the cases where the use restriction 
of the application set 3040 is cancelled have been de- 
scribed with reference to FIG. 60 through FIG. 63, the 
10 case where the use restriction cannot be cancelled has 
to be considered. Next, examples where the use restric- 
tion of the application set 3040 cannot be cancelled are 
described. 

[0257] FIG. 69 is a sequence diagram of an exempla- 
15 ry use restriction cancel operation for the case where 
use restriction is not cancelled. In the sequence diagram 
in FIG. 69, steps S3001 through S3013 in FIG. 59 prior 
to step S3220 are omitted as in the sequence diagram 
in FIG. 60. 

20 [0258] At step S3220, the FAX application 3043 re- 
quests CCS 3068 to display a certification screen. At 
stepS3221 , CCS 3068 instructs the certification module 
3070 to create a certification screen corresponding to 
the certification means of the FAX application 3043. At 

25 step S3222, CCS 3068 sends a use restriction screen. 
At step S3223, SCS 3069 displays the certification 
screen on the operation panel 3120 by requesting OCS 
3063 to display the certification screen created at step 
S3221. 

30 [0259] In the following, a case where user certification 
is set as the certification means of the FAX application 
3043 is described. In response to the screen displaying 
request at step S3223, a certification screen to authen- 
ticate the user is displayed on the operation panel 3120. 

35 Here, steps S3224 through S3229 are similar to steps 
S3035 through S3040 in FIG. 60, and the description 
thereof is omitted. 

[0260] At step S3230, CCS 3068 checks use restric- 
tion set in the certification and charge setting table 320 1 . 

40 in the following, a case where the use restriction of the 
FAX application 3043 is not cancelled based on the 
check result at step S3230 is described. At step S3231 , 
CCS 3068 determines that the use restriction is not can- 
celled based on the check result at step S3230, and 

45 sends login user information to the FAX application 
3043. At step S3232, CCS 3068 sends the login user 
information to SCS 3069. 

[0261] In response to receipt of the login user infor- 
mation, the FAX application 3043 issues a certification 

so screen display request to display a use restriction 
screen 351 0, as illustrated in FIG. 70, on the operation 
panel 3120 to CCS 3068 at step S3233. FIG. 70 shows 
an exemplary use restriction screen. The illustrated user 
restriction screen includes a message indicating that the 

55 use of a function is restricted. At step S3234, CCS 3068 
creates the use restriction screen 3510. 
[0262] At step S3235, CCS 3068 sends issues a use 
restriction screen notice to SCS 3069. At step S3236, 
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SCS 3069 displays the use restriction screen 3510 on 
the operation panel 3120 by requesting OCS 3063 to 
display the use restriction screen 3510. 
[0263] In other words, if the use restriction of the FAX 
application 3043 is not cancelled, the use restriction 
screen 3510 is displayed on the operation panel 3120, 
and the user cannot make use of functions provided by 
the FAX application 3043. 

[0264] FIG. 71 is a sequence diagram of another ex- 
emplary use restriction canceling operation for the case 
where use restriction is not cancelled. In the sequence 
diagram in FIG. 71 , steps S3001 through S3013 in FIG. 
59 prior to step S3240 are omitted. Also, steps S3240 
through S3252 in FIG. 71 are similar to steps S3220 
through S3232 in FIG. 69, and the description thereof is 
omitted. 

[0265] In response to receipt of login user information, 
the FAX application 3043 creates the use restriction 
screen 3510, as illustrated in FIG. 70, atstepS3253. At 
step S3254, the FAX application 3043 issues a use re- 
striction screen notice to SCS 3069. At step S3255, SCS 
3069 displays the use restriction screen 351 0 on the op- 
eration panel 3130 by requesting OCS 3063 to display 
the use restriction screen 3510. 

[0266] In other words, if the use restriction of the FAX 
application 3043 is not cancelled, the use restriction 
screen 3510 is displayed on the operation panel 3120, 
and the user cannot make use of functions provided by 
the FAX application 3043. It is noted that the FAX appli- 
cation 3043 creates the use restriction screen 3510 in 
accordance with the sequence diagram in FIG. 71 . 
[0267] Although some of the application set 3040 that 
use an operation part such as the operation panel 3120 
of the multifunctional product 3001 are used to describe 
the above operations with respect to FIG. 60 through 
FIG. 63, another application 3040 remotely operated by 
a computer 321 0 connected via the network 3220 may 
be used. 

[0268] FIG. 72 is a sequence diagram of another ex- 
emplary use restriction cancel operation through remote 
manipulation according to the second embodiment. In 
FIG. 72, certification is performed at a network protocol 
level. 

[0269] At step S3260, an external computer 321 0 is- 
sues a connection request to NCS 3061 . This connec- 
tion request includes a user name and a password. At 
step S3261, NCS 3061 requests CCS 3068 to authen- 
ticate a user by providing the user name and the pass- 
word as an argument. At step S3262, CCS 3068 con- 
verts the certification request into the user name and the 
password. 

[0270] At step S3263 : CCS 3068 requests UCS 3067 
to authenticate the user name and the password. At step 
S3264, UCS 3067 authenticates the user name and 
password supplied from CCS 3068 by comparing the 
user name and password with those in the address book 
table 3202. 

[0271 ] At step S3265, UCS 3067 reports the certifica- 



tion result at step S3264 as a certification result re- 
sponse to CCS 3068. At stepS3266, CCS 3068 checks 
use restriction set in the certification and charge setting 
table. 

5 [0272] In the following, a case where the use restric- 
tion is cancelled based on the check result at step S3266 
is described. At step S3267, CCS 3068 supplies to NCS 
3061 a ticket representing that the certification is suc- 
cessfully completed. Here, different tickets may be used 

10 for an application 3040 that uses the operation part, 
such as the operation panel 31 20, of the multifunctional 
product 3001 and an application 3040 remotely manip- 
ulated from the computer 3210 connected via the net- 
work 3220. 

15 [0273] AtstepS3268, NCS 3061 reports a connection 
permission for the connection request at step S3260 to 
the external computer 3210. At step S3269, CCS 3068 
supplies login user information to SCS 3069. Since the 
user has to be authenticated again depending on items 

20 of the initial system setting, the user login information 
ratherthan the ticket is supplied to SCS 3069. Also, CCS 
3068 supplies the user login information to the copier 
application 3042 at step S3270. According to the se- 
quence diagram in FIG. 72, the user can cancel use re- 

25 striction through remote manipulation. 

[0274] It is noted that measures against DoS (Denial 
of Service) attack is available in accordance with the se- 
quence diagram in FIG. 72. FIG. 73 is a sequence dia- 
gram of an exemplary use restriction cancel operation 

30 through remote manipulation wherein measures against 
DoS attack are devised. 

[0275] In the sequence diagram in FIG. 73, a user 
name and a password converted from a certification re- 
quest are used. It is determined whetherthe certification 

35 request is received from the same user that issued the 
previous certification request, and if the certification re- 
quest from the same user violates predefined restriction 
(for example, the number of access times or access 
time), the user is not authenticated. 

40 [0276] For example, after the user repeats steps 
S3260 through S3270 via an external computer 3210, 
the external computer 3210 issues a connection request 
to NCS 3061 at step S3271 . At step S3272, NCS 3061 
requests CCS 3068 to authenticate the user by deliver- 

45 ing a user name and a password as an argument. At 
step S3273, CCS 3068 converts the certification request 
into the user name and the password. 
[0277] At step S3274, CCS 3068 uses the user name 
and the password converted at step S3273 to determine 

so whether the certification request is from the same user 
that issued the previous certification request. If CCS 
3068 determines that the certification request is from the 
same user (S3274: YES), CCS 3068 further determines 
whether the certification request from the user violates 

55 predefined restriction. 

[0278] If CCS 3068 determines that the certification 
request from the user violates the predefined restriction 
(S3275: YES), CCS 3068 informs NCS 3061 that the 
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certification fails at step S3276. At step S3277, NCS 
3061 informs the external computer 3210 that the con- 
nection request at step S3271 is denied. 
[0279] On the other hand, if CCS 3068 that the certi- 
fication request is not from the same user (S3274: NO) 
or if the certification request from the same user does 
not violate the predefined restriction (S3275: NO), CCS 
3068 performs operations corresponding to steps 
S3263 through S3270. According to the sequence dia- 
gram in FIG. 73, measures against DoS attack can be 
devised in the use restriction cancel operation through 
remote manipulation. 

[0280] FIG. 74 is a sequence diagram of another ex- 
emplary use restriction canceling operation through re- 
mote manipulation according to the second embodi- 
ment. In FIG. 74, certification is performed at an appli- 
cation level to control a network protocol. 
[0281] At step S3280, an external computer 3210 is 
connected to NCS 3061 in http. NCS 3061 is provided 
with a user name and a password from the external com- 
puter 3210. At step S3281, NCS 3061 requests WSF 
3045 to acquire capability. This capability request in- 
cludes the user name and the password. 
[0282] At step S3282, WSF 3045 requests CCS 3068 
to authenticate the user by delivering the user name and 
the password as an argument. Here, steps S3283 
through S3287 are similar to steps S3262 through 
S3266 in FIG. 72, and the description thereof is omitted. 
[0283] At step S3288, CCS 3068 supplies to WSF 
3045 a ticket representing that the certification is suc- 
cessfully completed. Here, different tickets may be pro- 
vided to an application 3040 that uses the operation 
part, such as the operation panel 31 30, of the multifunc- 
tional product 3001 and an application 3040 remotely 
operated from a computer 321 0 connected via the net- 
work 3220. 

[0284] At step S3289, WSF 3045 uses the ticket to 
acquire data. At step S3290, WSF 3045 supplies the da- 
ta acquired at step S3289 as capability to NCS 3061 . At 
step S3291 , NCS 3061 supplies the acquired capability 
as n http response to the external computer 3210. 
[0285] At step S3292, CCS 3068 supplies login user 
information to SCS 3069. Since the user has to be au- 
thenticated again depending on items of the initial sys- 
tem setting, the user login information rather than the 
ticket is supplied to SCS 3069. At step S3293, CCS 
3068 supplies the user login information to the copier 
application 3042. According to the sequence diagram in 
FIG. 74, the user can cancel use restriction through re- 
mote manipulation. 

[0286] Next, an exemplary logout operation is de- 
scribed. FIG. 75 is a sequence diagram of an exemplary 
logout operation of a multifunctional product according 
to the second embodiment. For example, when a user 
inputs a logout key, OCS 3063 reports the input key in- 
formation to SCS 3069. 

[0287] At step S3301 , SCS 3069 determines that a 
logout request has been provided based on the key in- 



formation reported from OCS 3063, and reports the lo- 
gout request to the copy application 3042. At step 
S3302, the copy application 3042 requests CCS 3068 
to discard a ticket. 

5 [0288] At step S3303, CCS 3068 searches an issued 
ticket table and discards the corresponding ticket. At 
step S3304, CCS 3068 informs the copier application 
3042 that the ticket has been discarded. 
[0289] At step S3306, the copier application 3042 is- 

10 sues to CCS 3068 a use restriction screen display re- 
quest to display a certification screen on the operation 
panel 3120. At step S3307, CCS 3068 creates the cer- 
tification screen. At step S3308, CCS 3068 issues a cer- 
tification screen displaying request to display the certi- 

15 fication screen to SCS 3069. 

[0290] At step S3309, SCS 3069 displays the certifi- 
cation screen on the operation panel 3 1 20 by requesting 
OCS 3063 to display the certification screen. According 
to the sequence diagram in FIG. 75, when a user logs 

20 out, the multifunctional product 3001 can discard a tick- 
et. 

[0291 ] The present invention is not limited to the spe- 
cifically disclosed embodiments, and variations and 
modifications may be made without departing from the 

25 scope of the present invention. 

[0292] The present application is based on Japanese 
Patent Priority Applications No. 2003-145408 filed May 
22, 2003, No. 2003-152325 filed May 29, 2003, No. 
2004-140134 filed May 10, 2004 and No. 2004-140135 

30 filed May 1 0, 2004, the entire contents of which are here- 
by incorporated by reference. 



Claims 

35 

1. An information processing apparatus (1010, 3001), 
characterized by: 

a restriction part restricting an operation avail- 
40 able to a user on the information processing ap- 

paratus based on a status of the user; and 
a setting part setting the status of the user. 

2. The information processing apparatus (1010) as 
45 claimed in claim 1 , wherein the information process- 
ing apparatus manages one or more entry informa- 
tion elements (1001) and imposes a restriction on 
user's manipulation on an entry information ele- 
ment, 

so the setting part includes a first registration 

function registering manipulation authority to allow 
a manipulation on an entry information element and 
setting authority to allow setting of the manipulation 
authority in association with the entry information 

55 element and one or more users, and 

the restriction part includes a first restriction 
function restricting a manipulation of the users on 
the entry information element in accordance with 
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the manipulation authority. 

3. The information processing apparatus according to 
either claim 1 or claim 2, wherein the restriction part 
further includes a second restriction function re- 
stricting a manipulation of the users on the setting 
authority in accordance with the setting authority. 

4. The information processing apparatus as claimed 
in claim 2 or 3, wherein the manipulation authority 
indicates permission or denial of at least one of a 
viewing manipulation, an editing manipulation and 
a deleting manipulation on the entry information el- 
ement. 

5. The information processing apparatus as claimed 
in any of claims 2 to 4, wherein the setting authority 
is manipulation authority to allow all manipulations 
on the entry information element. 

6. The information processing apparatus as claimed 
in claim 5. wherein at least one of the manipulation 
authority and the setting authority is registered in 
association with at least one item constituting the 
entry information element. 

7. The information processing apparatus as claimed 
in any of claims 2 to 6, wherein the manipulation 
authority is definable based on a table indicative of 
permission or denial of various manipulations on 
the entry information element. 

8. The information processing apparatus as claimed 
in claim 5 or 6 ; wherein at least one of the manipu- 
lation authority and the setting authority is regis- 
tered in association with one user, a group including 
one or more users, or all users. 

9. The information processing apparatus as claimed 
in any one of claims 2 to 8, wherein the setting part 
includes a second registration function registering 
first group information (1003) indicative of one or 
more users having the manipulation authority and 
second group information (1002) indicative of one 
or more users having the setting authority in asso- 
ciation with the entry information element. 

10. The information processing apparatus as claimed 
in claim 9, wherein the restriction part further in- 
cludes a third restriction function restricting a ma- 
nipulation of the users on thefirst group information 
in accordance with the second group information. 

11. The information processing apparatus as claimed 
in claim 9 or 10, wherein the restriction part further 
includes a fourth restriction function restricting a 
manipulation of the users on the second group in- 
formation in accordance with the second group in- 
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formation. 

12. The information processing apparatus as claimed 
in any of claims 9 to 11 , wherein the first group in- 

5 formation indicates permission or denial of a view- 
ing manipulation and an editing manipulation on the 
entry information element for each user. 

13. The information processing apparatus as claimed 
10 in any of claims 9 to 12, wherein the second group 

information indicates one or more users allowed to 
perform a user adding manipulation and a user de- 
leting manipulation on the first group information. 

is 14. The information processing apparatus as claimed 
in either claim 12 or claim 13, wherein the second 
group information indicates one or more users al- 
lowed to register permission or denial of a viewing 
manipulation and an editing manipulation on the en- 
20 try information element in the first group information 
for each user. 

15. The information processing apparatus as claimed 
in any one of claims 9 to 14, wherein the first group 

25 information includes a group comprising one or 
more users allowed to perform a manipulation on 
the entry information element. 

16. The information processing apparatus as claimed 
30 in claim 15, wherein the first group information in- 
cludes permission or denial of a viewing manipula- 
tion and an editing manipulation on the entry infor- 
mation element for each group or each user consti- 
tuting the group. 

35 

17. The information processing apparatus as claimed 
in claim 16, wherein the viewing manipulation and 
the editing manipulation are permitted based on the 
permission or denial of the viewing manipulation 

40 and the editing manipulation granted to the group 
and the permission or denial of the viewing manip- 
ulation and the editing manipulation granted to the 
user. 

45 18. The information processing apparatus as claimed 
in any one of claims 9 to 1 7, wherein the first group 
information is registered in association with an item 
group of the entry information element, and the sec- 
ond group information is registered in association 
so with the entry information element. 

19. The information processing apparatus as claimed 
in any one of claims 9 to 1 8, wherein the first group 
information is registered in association with an item 
55 of the entry information element, and the second 
group information is registered in association with 
the entry information element. 
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20. The information processing apparatus as claimed 
in any one of claims 9 to 19, wherein the first group 
information is registered in association with a ma- 
nipulation on the entry information element, and/the 
second group information is registered in associa- 
tion with the entry information element. 

21. The information processing apparatus (3001) as 
claimed in claim 1 , wherein the information process- 
ing apparatus allows a user to cancel use restriction 
on a program and the user to use the program, 

the setting part includes a setting function as- 
sociating one or more programs (3041 , 3042, 
3043, 3044, 3045) having use restriction with 
one or more certification unit (3070) to cancel 
the use restriction of the programs, and 
the restriction part includes a use function, 
when a user cancels use restriction of a pro- 
gram by using a certification unit associated 
with the program, allowing the user to use the 
program. 

22. The information processing apparatus as claimed 
in claim 21 , wherein the setting function associates 
the program with an internal or external certification 
unit. 

23. The information processing apparatus as claimed 
in either claim 21 or claim 22, wherein the setting 
function associates the program with one or more 
certification units. 

24. The information processing apparatus as claimed 
in claim 23, wherein when the program is associat- 
ed with two or more certification units, the use func- 
tion cancels the use restriction on the program if one 
of the certification units successfully authenticates 
the user. 

25. The information processing apparatus as claimed 
in either claim 23 orclaim 24, wherein when the pro- 
gram is associated with two or more certification 
units, the use function cancels the use restriction 
on the program if all the certification units success- 
fully authenticate the user. 

26. The information processing apparatus as claimed 
in any of claims 21 to 25, further including: 
including: 

a management function receiving a registration 
request from the certification unit and manag- 
ing the certification unit. 

27. The information processing apparatus as claimed 
in any of claims 21 to 26, wherein the use function 
causes the certification unit associated with the pro- 



gram to create a screen to cancel the use restriction 
on the program and a display unit to display the cre- 
ated screen. 

5 28. The information processing apparatus as claimed 
in any of claims 21 to 27, wherein the certification 
unit uses any of information to identify a user, a re- 
cording medium having the information, and a com- 
ponent to prove use authority over the program to 

10 cancel the use restriction on the program. 

29. The information processing apparatus as claimed 
in any one of claims 21 to 28, wherein the setting 
function associates the one or more programs hav- 

15 ing the use restriction with one or more certification 
units to cancel the use restriction of the program 
and one or more charge units (3071) to manage 
charge information corresponding to use of the pro- 
gram. 

20 

30. The information processing apparatus as claimed 
in claim 29, wherein the setting function associates 
a program with internal or external certification unit 
and charge unit. 

25 

31. The information processing apparatus as claimed 
in either claim 29 or claim 30, wherein the setting 
function associates each program with one or more 
certification units and charge units. 

30 

32. The information processing apparatus as claimed 
in claim 31 , wherein when the program is associat- 
ed with two or more certification units, the use func- 
tion cancels the use restriction of the program if one 

35 of the certification units authenticates the user suc- 
cessfully. 

33. The information processing apparatus as claimed 
in either claim 31 or claim 32, wherein when the pro- 

40 gram is associated with two or more certification 
units, the use function cancels the use restriction of 
the program if all the certification units authenticate 
the user successfully. 

45 34. The information processing apparatus as claimed 
in any of claims 29 to 33, further including: 
including: 

a management function receiving a registration 
so request from the certification unit and the 

charge unit and managing the certification unit 
and the charge unit. 

35. The information processing apparatus as claimed 
55 in any of claims 29 to 34, wherein the certification 
unit uses any of information to identify a user, a re- 
cording medium having the information, and a com- 
ponent to prove use authority over the program to 



27 



BNSDOCID: <EP 1480104A2_!_> 



53 



EP 1 480 104 A2 



54 



cancel the use restriction on the program. 

36. The information processing apparatus as claimed 
in any of claims 29 to 35, wherein the charge unit 
manages the charge information by subtracting 
charge corresponding to an amount of use of the 
program from a deposit of the user or recording the 
amount of use of the program. 

37. The information processing apparatus as claimed 
in any of claims 21 to 36, wherein the setting func- 
tion associates internal or external certification unit 
and charge unit with a function of the program. 

38. The information processing apparatus as claimed 
in any of claims 1 to 37, wherein the information 
processing apparatus is an image processing ap- 
paratus. 



42. The method as claimed in claim 40 or 41 , wherein 
the association set includes associating internal or 
external certification unit and charge unit with a 
function of the program. 

5 

43. A computer program comprising program code 
means that, when executed on a computer system, 
instructs an image processing apparatus to carry 
out the steps according to any one of claims 40 to 

10 42. 

44. A computer readable storage medium having re- 
corded thereon program code means that, when ex- 
ecuted on a computer system, instructs an image 

is processing apparatus to carry out the steps accord- 
ing to any one of claims 40 to 42. 



39. A method of managing entry information for an in- 
formation processing apparatus (1010) that manag- 
es one or more entry information elements (1001) 
and restricts a manipulation of one or more users 
on the entry information elements, the method 
characterized by steps of: 

registering manipulation authority to allow a 
manipulation on an entry information element 
and setting authority to allow setting of the ma- 
nipulation authority in association with the entry 
information element and one or more users; 
and 

restricting a manipulation of the users on the 
entry information element in accordance with 
the manipulation authority. 

40. A method of controlling a certification function for 
an information processing apparatus (3001 ) that al- 
lows a user to cancel use restriction on a program 
and the user to use the program, the method char- 
acterized by steps of: 

associating one ormore programs (3041 , 3042, 
3043, 3044, 3045) having use restriction with 
one or more certification unit (3070) to cancel 
the use restriction of the programs; and 
allowing, when a usercancels use restriction of 
a program by using a certification unit associ- 
ated with the program, the user to use the pro- 
gram. 

41 . The method as claimed in claim 40 : wherein the as- 
sociation step includes associating the one or more 
programs having the use restriction with one or 
more certification units to cancel the use restriction 
of the program and one ormore charge units (3071) 
to manage charge information corresponding to use 
of the program. 
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